The standard represents a major step forward in ensuring security within the Ethereum ecosystem.
Wakefield, Massachusetts — December 18, 2023 — THE Ethereum Alliance for Business (EEA) today announced the release of Version 2.0 of its EthTrust security levels specification.
The specification was developed by security experts from more than a dozen companies, including renowned names in Ethereum security like Diligence, OpenZeppelin, Hacken, and CertiK, as well as large enterprises like Banco Santander, Microsoft, and EY. It includes specialized security companies, their regular clients, and independent experts, all working together to improve security measures.
Chaals Nevile, EEA’s Director of Technical Programs, said: “EthTrust represents a major step forward in ensuring security within the Ethereum ecosystem. It serves as a comprehensive ‘quality check’ for Ethereum, setting a benchmark for security standards.”
A robust framework for smart contract security
EthTrust’s primary function is to provide a robust framework for reviewing the code of smart contracts written in Solidity, the predominant language for Ethereum-based blockchains. This framework is designed to identify and fix known security vulnerabilities, providing a high level of assurance in the safety and security of the code.
The main beneficiaries of the new specification are:
- Developers: EthTrust reduces the workload of security examiners by addressing root issues. This results in reduced costs and increased focus on discovering complex or new vulnerabilities.
- Customers: It provides customers with confidence that security reviews meet fundamental quality standards.
- Reviewers: Reviewers benefit from a comprehensive and up-to-date checklist of known issues. This simplifies their routine tasks and allows them to focus on more complex and creative analysis aspects of their role.
Significant improvements
This collaborative effort took a year and a half of knowledge sharing and systematic review within the EEA. EthTrust Working GroupThis approach has led to significant improvements over the original version released last year, demonstrating the EEA’s ability to provide continuous and efficient maintenance and updates.
Improvements include, but are not limited to:
- More explicit treatment of read-only reentry
- Some new bugs discovered in the Solidity compiler
- Explicit handling of rounding errors
- Simplifying testing requirements to streamline the process for most developers without compromising the ability to cover unusual code; as well as
- Specification updates with newly discovered vulnerabilities and targeted adjustments to reflect changing attack trends.
The new standard provides reliable, industry-backed guidance for the broader Ethereum/EVM-based blockchain ecosystem. The new standard is available online for free on the EEA website: EEA EthTrust Security Levels Specification.
Contacts
For more information on the standard, contact: Chaals NevileDirector of Technical Programs of the EEA, Chaals@entethalliance.org.
Contact for general EEA media enquiries: Tom LyonsDirector of Communications and Content for the EEA, tom.lyons@entethalliance.org.
About the EEA
The EEA is a member-driven industry organization dedicated to advancing the use of Enterprise Ethereum and Mainnet Ethereum blockchain technology as an open standard to empower ALL businesses. Learn more at entethalliance.org.
The article EEA releases version 2 of EthTrust security levels specification appeared first on Enterprise Ethereum Alliance.
