A collection of resources relevant to the PSE Security Team.
The Privacy & Scaling Explorations team at the Ethereum Foundation has its own security division. The main goal has been to help find bugs and strengthen security in the Ethereum L2 and ZK ecosystems. As we have all seen throughout Ethereum’s lifetime, one critical bug can cause major setbacks to the whole space. So it’s very important to get ahead of these bugs, especially in newly developed fields such as the layer 2 and zero-knowledge spaces.
If you’re interested in collaborating or just finding out more about PSE security, you can reach out to any of our 3 team members:
- Kyle Charbonnet - Team Lead
- Yuefei Li - L2 Security Engineer
- Blockdev - ZK Security Engineer
At the moment we have two open source projects that are meant to be community-led, so anyone can contribute!
The ZK Bug Tracker tracks real bugs found in production code for various projects. It also contains a list of commonly found vulnerabilities in ZK code. The Bridge Bug Tracker tracks real bridge exploits in production. These exploits have resulted in billions of dollars being stolen. It also contains a list of resources useful for analyzing bridge security.
We've also aided the Veridise team in conducting an audit of a circom library and in developing a framework for static analysis of ZK circuit code.
Many of the audits we conduct are for internal projects within the PSE team, so formal audit reports aren't made. However, a few of the bugs we've found are listed in the ZK Bug Tracker repo. We also plan to add any formal audit reports here in the future.