Quantstamp Audits Layer 1 Blockchains

Quantstamp Labs
September 1, 2020

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS); however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.
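The slashing that the paragraph above credits with keeping ETH2 validators honest comes down to a few precise conditions in the Phase 0 beacon chain spec, and a client audit has to confirm that every one of them is enforced exactly. The block below is an added example, not Quantstamp's code and not part of the original post or of the Prysm or Teku code bases: it restates the spec's attester-slashing test (double vote and surround vote) and proposer-slashing test (two distinct headers for one slot) in plain Python. Container and field names follow the spec's AttestationData, Checkpoint and BeaconBlockHeader; the string roots stand in for 32-byte hashes, and the sample attestation history and the brute-force slasher helper are constructed here for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Added example (not Quantstamp's or any client's code): the Eth2 Phase 0
# beacon-chain slashing conditions a Layer 1 audit has to see enforced.
# Field names follow the spec's AttestationData / Checkpoint / BeaconBlockHeader
# containers; roots are short string labels standing in for 32-byte hashes.


@dataclass(frozen=True)
class Checkpoint:
    epoch: int
    root: str


@dataclass(frozen=True)
class AttestationData:
    slot: int
    index: int              # committee index
    beacon_block_root: str  # head vote
    source: Checkpoint      # justified checkpoint the vote builds on
    target: Checkpoint      # checkpoint the vote tries to justify


@dataclass(frozen=True)
class BeaconBlockHeader:
    slot: int
    proposer_index: int
    parent_root: str
    state_root: str
    body_root: str


def is_slashable_attestation_data(a: AttestationData, b: AttestationData) -> bool:
    """Spec condition for an attester slashing between two votes by one validator.

    Double vote:   two different votes for the same target epoch.
    Surround vote: a's (source, target] span strictly encloses b's.
    The surround test is asymmetric: it only fires when `a` is the outer vote.
    """
    double_vote = a != b and a.target.epoch == b.target.epoch
    surround_vote = a.source.epoch < b.source.epoch and b.target.epoch < a.target.epoch
    return double_vote or surround_vote


def is_slashable_pair(a: AttestationData, b: AttestationData) -> bool:
    """Order-independent wrapper a slasher needs: test both orderings so the
    outer vote ends up in the first position of the surround check."""
    return is_slashable_attestation_data(a, b) or is_slashable_attestation_data(b, a)


def is_slashable_proposal(h1: BeaconBlockHeader, h2: BeaconBlockHeader) -> bool:
    """Spec condition for a proposer slashing: two distinct headers signed by the
    same proposer for the same slot (equivocation)."""
    return h1.slot == h2.slot and h1.proposer_index == h2.proposer_index and h1 != h2


def find_slashable_pairs(history: List[AttestationData]) -> List[Tuple[AttestationData, AttestationData]]:
    """Brute-force slasher over one validator's attestation history (assumed
    helper for illustration; production slashers index by epoch, not O(n^2))."""
    hits = []
    for i in range(len(history)):
        for j in range(i + 1, len(history)):
            if is_slashable_pair(history[i], history[j]):
                hits.append((history[i], history[j]))
    return hits


# Constructed sample history for a single validator (32 slots per epoch).
HONEST_1 = AttestationData(672, 0, "0xh1", Checkpoint(20, "0xs20"), Checkpoint(21, "0xt21"))
HONEST_2 = AttestationData(704, 0, "0xh2", Checkpoint(21, "0xt21"), Checkpoint(22, "0xt22"))
# Same target epoch as HONEST_1 but a different target root: a double vote.
DOUBLE = AttestationData(673, 0, "0xh1", Checkpoint(20, "0xs20"), Checkpoint(21, "0xbad"))
# OUTER's (9, 13] span strictly encloses INNER's (10, 12]: a surround vote.
OUTER = AttestationData(416, 0, "0xo", Checkpoint(9, "0xs9"), Checkpoint(13, "0xt13"))
INNER = AttestationData(384, 0, "0xi", Checkpoint(10, "0xs10"), Checkpoint(12, "0xt12"))
SAMPLE_HISTORY = [HONEST_1, HONEST_2, DOUBLE, OUTER, INNER]

# Two headers for slot 700 by proposer 42 with different bodies: equivocation.
HDR_A = BeaconBlockHeader(700, 42, "0xp", "0xstateA", "0xbodyA")
HDR_B = BeaconBlockHeader(700, 42, "0xp", "0xstateB", "0xbodyB")


if __name__ == "__main__":
    for x, y in find_slashable_pairs(SAMPLE_HISTORY):
        kind = "double" if x.target.epoch == y.target.epoch else "surround"
        print(f"{kind} vote: target epochs {x.target.epoch} / {y.target.epoch}")
    print("proposer equivocation:", is_slashable_proposal(HDR_A, HDR_B))
```

The asymmetry of the surround test is the point a reviewer watches for: the spec function is only required to return true when the outer vote is passed first, because whoever submits the slashing chooses the order, so a watcher that compares a new attestation against history in one direction only will miss half of the surround cases. The double-vote branch also shows why an exact equality check matters, since an identical attestation seen twice is not slashable while any one differing field with the same target epoch is.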

Avalanche includes a directed acyclic graph (DAG) component, and Avalanche nodes use a distinct internal mechanism to determine which transactions will ultimately be included in the DAG.

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus; they also differ in how they store their data. Avalanche’s ledger is not a blockchain but a directed acyclic graph, whereas Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. In auditing these ledgers, Quantstamp checks that the data they store is immutable and honest and that the code managing it is free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

