What's New in Eth2 - 8 October 2021

Edition 79 at eth2.news

The Amphora Edition 🏺

First things first, it's been three years (and a week) since I started writing this thing, so that deserves a :birthday:, I think. How it started. I hadn't really expected to be still doing this by now, but we are getting there!

This will be a minimally viable edition, due to having been at the Merge Workshop all week with a bunch of the Eth1 and Eth2 dev teams. More later.

Just three main topics to cover for you:

1. Get ready for Altair
2. Rocket Pool delay and the vulnerability report
3. The Merge Workshop

Altair

A reminder that the Altair upgrade on the beacon chain mainnet is set for epoch 74240 (Oct 27, 2021, 10:56:23am UTC). If you are staking on Eth2, you must upgrade your client before that date. See this blog post from the Ethereum Foundation for FAQ, and details on which client version you need to be running.

The Altair upgrade/fork is not the merge, but it does add some functionality to the beacon chain (like sync committees) and some other improvements. This is our one and only real-life practice run at upgrading the beacon chain before the merge. If it goes badly (perhaps because many stakers did not upgrade their clients in time) then it will certainly push back the merge date. You have been warned!

Rocket Pool etc.

Unfortunately, the much anticipated launch of Rocket Pool staking this week was aborted at the last minute.

Here's the initial announcement on RP's discord, on the eve of the launch:

We've just been alerted to a potential critical exploit in the node side of protocol that could allow an operator to submit previously made withdrawal credentials for a minipool. It is a very sophisticated exploit so we will need some time to analyse and look at a fix. This is not a direct smart contract exploit bug.

Obviously this close to launch is far from ideal, but we are extremely security conscious and making sure users funds are safe takes priority over everything else. This will effect our launch date, so we will give an update on that soon.

The exploit was found by Dmitri Tsumak of StakeWise and responsibly disclosed to Rocket Pool. It is now public, and RP has published some analysis.

The tl;dr is that, in some staking pool scenarios, a malicious actor could potentially front-run deposit transactions to set the withdrawal credentials to their own rather than the intended withdrawal contract. Thus, when the stakes are eventually exited, the Ether would end up with the attacker rather than the stakers. The issue was actually first identified two years ago by the estimable Jim McDonald.

In post-disclosure conversations between staking pools, facilitated by Immunefi, both Lido and Stakefish anounced that they were also potentially vulnerable to the attack. Others may be as well. As far as anyone knows, this has never been exploited, and everyone is taking steps to secure against it.

Rocket Pool is testing and auditing their fix, and re-planning the launch. Watch this space.

The Merge workshop

It's been a bit below the radar for security reasons, but for the past week about 40 representatives of Eth1 and Eth2 teams, the Ethereum Foundation research team, ConsenSys Quilt R&D, and ConsenSys TX/RX have been working together onsite in Greece. Once we've all gone home I shall share some photos and memories.

The event's ultimate goal was to create a long-lived, multi-client merge devnet. That is, a network that includes multiple Eth1 and multiple Eth2 clients, that has gone through the proof of work to proof of stake transition, and is happily running and processing transactions.

And we achieved it! (With two minutes to spare before our closing dinner :slightly_smiling_face:) Three execution clients and four consensus clients nicely transitioned together from proof of work to proof of stake. It's a first step, and things are expected to go awry in the short term. But we did the thing, and it's a giant leap towards shutting down proof of work.

The best overall explainer of what we're up to is this quick video demo from Adrian Sutton. I highly recommend this. You can see Ethereum transactions on a proof of stake network!

There have been plenty of reports of successful steps along the way. To give some context, what's going on here is that individual Eth2/consensus clients are pairing up with individual Eth1/execution clients and testing that they can transition nicely together from PoW to PoS. With that done, bigger networks are built using multiple combinations of clients. There are suggestions for how client combinations might be named.

A list of milestone announcements, roughly chronological (and I've definitely missed a bunch):

• Nimbus and Nethermind
• Lodestar interops with Besu, Geth, and EthereumJS
• Lighthouse and Geth
• Teku plus Geth
• Multiclient: Lighthouse plus Geth and Lodestar plus Geth.
• Teku and Besu
• Nimbus syncs the multiclient hacknetv2.
• Multiclient: Geth plus Teku and Geth plus Lighthouse.
• Multiclient: Geth plus Teku and Besu plus Teku.
• Serious multiclient: Geth+Teku, Besu+Teku, Geth+Lighthouse and Besu+Lighthouse
• Lodestar plus Besu
• Prysm plus Geth

The full list of successes is in the overall tracking document, along with explanation of milestones, and links to resources. Unfortunately, Prysm was unable to be with us, but the team has been working remotely

Amidst solving lots of minor incompatibility issues between clients, one of the most challenging aspects has been effectively syncing nodes on the combined network. Paul Hauner of Sigma Prime has made a nice write-up of the challenges.

We also had many breakout sessions to discuss stuff like testnet automation, API definition, error standardisation, fuzzing and continuous integration, and "from Amphora to mainnet". The week has been a huge step forward in "proving the concept" of the Merge, and rapidly getting clients up to speed. But there remains a great deal of work to be done around robustness and productisation. So far, we are only really testing the happy-flow.

Other things that people worked on during the week:

• MergeMock can mock either the execution node or the consensus node to make testing and bug isolation easier (fewer moving parts).
• Merge Fuzz fuzzes Geth's engine API (its interface with the beacon node). The plan is to extend to all Eth1/execution clients to perform differential fuzzing. Announcement.
• Ansible playbooks for setting up testnets.
• The mergenet consensus monitor that's tracking the current long(-ish) standing devnet. All being well, you should see lots of combinations of Eth1 and Eth2 clients progressing in perfect sync. Announcement.

Here's Sigma Prime's account of the week.

Last, but by no means least, check out the t-shirt I had made for the event (styled after this).

In other news

A very brief round up of other things things going on.

• Danny's Finalized no. 29. Short and sweet headlines on Altair and the Merge Interop.

Staking

• Another survey for stakers and prospective stakers. This one is from EthStaker and is quite straightforward.
• NodeWatch, an open source beacon node explorer from ChainSafe. Pretty pictures!
• Client diversity continues to be a hot button. Here's EthStaker's comprehensive list of client switching guides.
• Prysmatic Labs has published a statement on client diversity.

Explainers

• Dankrad has a nice Proofs of Custody explainer.
• PEEPanEIP session with on Beacon chain metrics & benchmarking with Pari from the EF and Leo from the Barcelona Supercomputing Center.
• Liberosist/Polynya has been writing a great deal on sharding and rollups lately. Here's a taster: Modular vs monolithic sharding. And there's a wealth to explore on their Medium page.

Research

• Alex Vlasov continues to seek rigour in the way we write specifications: "Mutable Forest" Memory Model for blockchain specs. Some good discussion ensues.
• Vitalik has reached version 3 of the proposer / builder separation design. This is part of a goal of democratising MEV, and the present version involves extending beacon chain slots from 12 to 16 seconds to be able to fit some more interactions in.

Client updates

• The latest (pre merge interop) update from Nimbus

That's all for now, folks. Onwards and upwards!

Advertising on this newsletter.

Give Feedback.