Blockchain security & research firm | Providing in-depth security reviews for top protocols | Founders & maintainers of Lighthouse, an Ethereum consensus client
Sep 17, 2023 โข 12 tweets โข 2 min read
A Thread on Auditing Merkle Proofs in Smart Contracts
๐งต
1/ ๐ Prevent Creating Subtrees Out Of Leaves
- Use domain separation between leaf hashing and node hashing OR ensure leaf nodes aren't the same byte-size as two child nodes.
- Verify proof length whenever possible e.g. if the tree is balanced all leaves are at a certain depth and should have a fixed length proof
- If these are not checked trees can be extended by making a leaf node into parent node
Oct 8, 2021 โข 9 tweets โข 5 min read
This week, #Ethereum researchers and core developers met in person to work on the transition to Proof-of-Stake. This upgrade, also known as "The Merge", will reduce the energy consumption of the network by 99.8%
Here's a short thread on what was achieved throughout the week ๐งต๐
Very early on, Lighthouse interoped with @go_ethereum, allowing us to successfully emulate the merge fork on local machines ๐ด๐
Important qualifications ๐
This is exciting, but it doesn't mean that we're ready for production. This is a prototype and there's still a lot of questions to answer and work to do.
Primarily, you should take this is a signal that Eth1 and Eth2 developers are actively working together on the merge. ๐งโ๐คโ๐ง