Ethereum Foundation report: Cross-chain features and AI code increase the risk of exploits

The Ethereum Foundation discovered the growing complexity of cross-chain features and the involvement of AI code may increase exploit risks. As part of the Trillion Dollar Security program, the Foundation issued its first report on current Ethereum issues. 

The Ethereum Foundation announced its first security report, as part of the Trillion Dollar Security program. The Foundation will track security risks, with the goal of making Ethereum capable of securing trillions of dollars. 

The Ethereum ecosystem still attracts exploits, and is one of the main playing fields of DPRK hackers. The Foundation aims to point out risks and secure some of the projects. 

Ethereum Foundation warns about risks in cross-chain transfers

The Foundation immediately pointed out that large contract risk is mostly a risk of the past, but there are other new vulnerabilities. Contract upgrades, calls between contracts, unsafe external libraries and lack of adequate audits mean some projects may be compromised. 

The other major risk is access control for contracts, or the ability to inject a malicious contract, as in a recent attack against the Arbitrum chain.

While the Ethereum Foundation calls for more cross-chain compatibility, those interactions hold additional risks. Bridges are still one of the riskiest contracts, with weak points in messages between the chains and validation. 

Personal signature misuse is a growing new risk, especially with the newly introduced smart accounts on Ethereum. Malicious apps may trick users into full delegation of not only their assets, but their entire account to a third party. 

Another emerging risk is the introduction of AI-generated code, or in cases of automated refactoring.

The Ethereum Foundation also pointed out monitoring, response, and coordination in the case of hacks and exploits is also still informal and may take hours. With thousands of projects, monitoring and raising issues remains voluntary, or provided by specialized on-chain researchers. The Foundation called for a more formal system of coordination, as well as building insurance to cover losses.

L2 chains pose complexity risks

L2 chains pose additional risks, especially in multi-hop bridges. Mismatched accounts can lead to exploits, such as minting unauthorized balances. 

Some of the existing L2 chains rely on a semi-centralized system of verifying transactions. The presence of security councils or other entities that control upgrades can also be exploited. 

Staking itself poses multiple risks, depending on the protocol structure. Liquid staking protocols may be threatened by collusion and coordination between validators to extract MEV or perform other transactions that would be impossible in a decentralized system. 

Validator collusion can also affect the Ethereum L1 chain, as some of the staked ETH is concentrated with several top protocols. The introduction of 2,048 ETH stakes can also bring more whales with significant influence in building consensus, as Ethereum’s chain has grown more centralized. 

The threats were exposed as Ethereum once again expanded its total value locked. Far from securing trillions, Ethereum still carries $66B in total value locked, with $124B in the form of stablecoins. ETH is also attempting a recovery to a higher price range, after trying to break above $2,800, breaking out of the period of range-bound trading.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.