EEA Releases EthTrust Security Level Specification Version 2

The standard represents a major step forward in ensuring security within the Ethereum ecosystem.

WAKEFIELD, MA — December 18, 2023 — that much Enterprise Ethereum Alliance (EEA) announced today the launch. Version 2.0 of the EthTrust Security Level Specification.

This specification was written by security experts from more than a dozen companies, including well-known companies in the Ethereum security field such as Diligence, OpenZeppelin, Hacken, CertiK, and major companies such as Banco Santander, Microsoft, and EY. In particular, it involves professional security companies, general customers, and independent experts all working together to strengthen security measures.

“EthTrust represents a significant step forward in ensuring security within the Ethereum ecosystem,” said Chaals Nevile, EEA’s technical program director. “It acts as a comprehensive ‘quality check’ for Ethereum and sets the benchmark for security standards.”

A robust framework for smart contract security

EthTrust’s primary function is to provide a robust framework for reviewing smart contract code written in Solidity, the primary language for Ethereum-based blockchains. The framework is designed to identify and fix known security vulnerabilities, providing a high level of assurance about the safety and security of the code.

Key beneficiaries of the new specifications include:

1. developer: EthTrust reduces the workload of security reviewers by solving the root cause problem. This reduces costs and allows more focus on discovering complex or new vulnerabilities.
2. customer: Customers can be confident that security reviews meet basic quality standards.
3. Reviewer: Reviewers benefit from a comprehensive and up-to-date checklist of known issues, streamlining routine tasks so they can focus on the more complex and creative analytical aspects of their role.

Important improvements

This collaborative effort involved one and a half years of knowledge sharing and systematic revision within the EEA. EthTrust Working Group. This approach represents a significant improvement over the original version released last year and demonstrates EEA’s effective ongoing maintenance and update capabilities.

Improvements include:

• Clearer handling of read-only reentrancy
• Several new bugs found in the Solidity compiler
• Explicit handling of rounding errors
• Simplification of test requirements to streamline the process for most developers without compromising their ability to handle unconventional code;
• Specification updates have been made to address newly discovered vulnerabilities and focus adjustments to reflect changing attack patterns.

The new standard provides reliable, industry-supported guidance for the broader Ethereum/EVM-based blockchain ecosystem. The new standard is available online for free from the EEA. EEA EthTrust Security Level Specification.

contact lens

For more information about the standard, please contact: Charles NevilleEEA Technology Program Director, Chaals@entethalliance.org.

EEA Media General Enquiries: Tom LyonsEEA Communications and Content Manager, Tom. Lyons@entertainment.org.

About the EEA

The EEA is a member-driven industry organization whose goal is to enable the use of Enterprise Ethereum and Mainnet Ethereum blockchain technologies as open standards that empower all enterprises. For more information, please visit Entertalians.org.