Skip to content

Latest commit

 

History

History
39 lines (20 loc) · 3.69 KB

pectra-system-contracts-audit.md

File metadata and controls

39 lines (20 loc) · 3.69 KB

Pectra System Contracts Bytecode Audit RFP

The Ethereum Foundation is soliciting proposals for an audit of the bytecode of three smart contracts related to the Pectra hard fork. These are system contracts to be used by EIPs 2935, 7002, 7251 (linked below). They will be deployed prior to the hard fork or as part of its migration.

Audit Requirements

The audit should focus exclusively on the smart contract bytecode, referenced in the EIPs below. It should not encompass all of the EIPs, or client implementations of the EIPs, including their interactions with the contracts.

The audit should validate whether the contracts' bytecode meet the functionality described in the EIPs. The audit should also highlight any potential security vulnerabilities associated with the contract, both as part of its normal utilization and by malicious users. If and where applicable, the audit should ideally propose fixes or improvements to the contract code.

There is a possibility the EIP authors may make changes to the contract code after the publication of this RFP, although we do not expect their semantics to change significantly. The latest versions of the bytecode will be shared with auditors prior to the beginning of the audit.

The contract contains a ring buffer of historical block hashes and two code paths, get and set, depending on the caller. Expected calldata formats and behavior for each are specified in the EIP.

The contract contains a queue of staking withdrawal requests and three code paths depending on the caller and input: add_withdrawal_request, get_excess_withdrawal_requests, and read_withdrawal_requests. Excess withdrawal requests beyond what the consensus layer can process are queued and a fee is calculated to prevent spam requests.

In addition to the semantics in the EIP, the audit should evaluate the contract behavior prior to the first system call -- noting the initial withdrawal request fee. The first system call will occur in the first block following the hard fork, but the contract can be called before then.

A geas implementation of the contract can be found in this repository.

The contract contains a queue of requests to consolidate validators in response to a consensus layer parameter change. It contains three code paths depending on the caller and input: add_consolidation_request, get_excess_consolidation_requests, and process_consolidation_requests. A fee is charged for consolidation requests based on excess requests to be processed, similar to 7002.

In addition to the semantics in the EIP, the audit should evaluate the contract behavior prior to the first system call -- noting the consolidation request fee calculated using EXCESS_INHIBITOR.

A geas implementation of the contract can be found in this repository.

Proposal Submission

To submit a bid for the audit, please email your proposal to [email protected] with the subject line "Pectra System Contracts Bytecode Audit" by October 11, 2024.

Proposals should include a summary of work to be performed, a timeline for completion of the audit, and a price for the engagement. Proposals will be judged on technical expertise, possible start dates, and cost, at the discretion of the Ethereum Foundation.

Accepted proposals will be confirmed by October 22, 2024 at the latest.