A Thread on Auditing Merkle Proofs in Smart Contracts

🧵

1/ 🍂 Prevent Creating Subtrees Out Of Leaves
- Use domain separation between leaf hashing and node hashing OR ensure leaf nodes aren't the same byte-size as two child nodes. - Verify proof length whenever possible e.g. if the tree is balanced all leaves are at a certain depth and should have a fixed length proof
- If these are not checked trees can be extended by making a leaf node into parent node

This week, #Ethereum researchers and core developers met in person to work on the transition to Proof-of-Stake. This upgrade, also known as "The Merge", will reduce the energy consumption of the network by 99.8%

Here's a short thread on what was achieved throughout the week 🧵👇 Very early on, Lighthouse interoped with @go_ethereum, allowing us to successfully emulate the merge fork on local machines 🍴🎊

https://twitter.com/vdWijden/status/1445244013385289728

🎉🎉 Lighthouse produced its first #Eth1 & #Eth2 merge transaction 🎉🎉

This is an ETH tx using *only* proof-of-stake validators. A step towards a 99.98% drop in Ethereum energy consumption 🌏🌲🌄

Credits to @gballet, @mkalinin2 & @Teku_ConsenSys!

Important qualifications 👇 This is exciting, but it doesn't mean that we're ready for production. This is a prototype and there's still a lot of questions to answer and work to do.

Primarily, you should take this is a signal that Eth1 and Eth2 developers are actively working together on the merge. 🧑‍🤝‍🧑