BEIJING, Aug. 27, 2021 /PRNewswire/ — To better prepare for the upcoming mainnet token swap, aelf engaged Trail of Bits (ToB) this summer to review the security of the aelf blockchain platform. Last week, Trail of Bits completed this audit, along with its review of the fixes implemented by aelf.
Fix report from ToB. ToB offered the initial assessment including a code maturity evaluation covering six code maturity classes: access controls, centralization, function composition, front-running, specification, and testing and verification. The aelf technical team sincerely evaluated the feasibility of Trail of Bits’ suggestions and adjusted the code to counterbalance the potential risks identified by Trail of Bits’ security engineers.
Specifically, aelf made the following changes:
Created an Emergency Response Organization that can remove malicious nodes when 90% of the nodes in the parliament have voted in favor of removal. Made some changes to the economic system, increasing the rewards provided to miners elected to parliament for the first time, which incentivizes voters to avoid centralization. Further details on the economic system adjustments will be disclosed soon. Added password verification to the API to manage peer nodes, which will ensure that peer nodes cannot be maliciously added or deleted. All nodes in the network will validate a contract before it is deployed to ensure malicious code is never deployed on the chain. The aelf technical team changed the consensus-determination process that occurs in the event of bifurcation, dividing it into two rounds; each of the nodes will automatically revert to the previous best block height until the network is restored. Add a mechanism for slashing miners’ rewards based on the average number of blocks that they miss relative to other miners. Nodes will return stack trace information to users when their transactions fail. However, the aelf technical team will return only the first line of the error message instead of displaying the complete stack trace to avoid unnecessary exposure. Remaining Issues
The ToB team recommended that aelf avoid executing smart contracts through virtual machines or other sandboxing technologies, which may cause resource exhaustion and information leakage. This recommendation matches aelf’s considerations in the early stages of designing. However, after careful consideration, aelf believed that the deployment of a more extensive sandboxing mechanism is not worth the efficiency sacrifice. This decision is of great importance to its current capabilities, which include performing parallel transactions and executing 35,000 TPS on a single sidechain.
The aelf team made other tweaks to the original deployment process as well. All nodes within the network will be asked to participate in the validation process, and code hashes will be downloaded and saved in files. In the future, aelf will continue to increase its R&D investment to provide a safe environment while keeping the current processing capacity.
The ToB team also indicated that low-fee transactions could be used to execute DDoS attacks. After careful evaluation, the aelf team decided to preserve the original aelf code and to set up load balancing. In this way, aelf can hide the master node to avoid risk.
The Trail of Bits audit is of great importance to aelf’s current operations. Now that the audit is complete, we will soon release the corresponding changes on the testnet and will synchronize that version with the one on the aelf mainnet. Please stay tuned for aelf’s mainnet token swap in September 2021!
To see the full audit report, please reference aelf GitHub publication. https://github.com/AElfProject/aelf-audit-reports
About Trail of Bit:
Trail of Bits, founded in 2012, is an industry leader in high-end cybersecurity research and consulting. The team has a track record of identifying vulnerabilities in the code of highly targeted organizations and has performed security assessments for Aave, Compound, Western Digital, and many more entities.
About aelf:
aelf (Tokens: ELF) is the world leading blockchain ecosystem. aelf innovated on its multi-sidechain systematic structure as well as its cross-chain collaboration mechanism, enabling the unlimited scalability to solve today’s most pressing issues and to promote the future digital economy. Founded in 2017, aelf is headquartered in China and provides the most user-friendly open resource blockchain infrastructure for users and developers around the world.
Media Contact
Qi Ai
PR Specialist
aelf Blockchain
IFC 2007B, Chaoyang
Beijing, 100022
Ph: +86 13911098034 | E: [email protected]
SOURCE aelf blockchain