Iris Coleman
May 25, 2025 14:56
The important vulnerabilities of BESU’s Ethereum clients related to the BN254 sub -group inspection have been resolved. This defect can potentially impair encryption security.
Ether Lee Run Client, BESU, faced considerable security vulnerabilities due to the inappropriate sub -group inspection of the BN254 elliptical curve as described in the recent report of the Ethereum Foundation. The defect, which was identified as BESU’s version 25.2.2, was a risk of consensus mechanisms by allowing potential operation of encryption work.
BN254 Understanding curve
The BN254 curve, also known as the Alt_bn128, is an elliptical curve used in Etherrium for encryption. It was the only pairing curve supported by EVM (Ethereum Virtual Machine) before the EIP-2537 was introduced. This curve is important for the work defined according to the EIP-196 and EIP-197 pre-compiled contracts, which facilitates the efficient calculation of the curve.
Vulnerability
A notable security problem in elliptical curve encryption is a wrong curve attack, which uses points that are not in the correct curve. These vulnerabilities relate to non -prime order curves, such as the BN254, which is used for pairing -based encryption. If this fails, a security violation may occur, so it is essential to make sure that the point belongs to the right lower group.
In the case of BESU, vulnerabilities occurred because the lower group membership test was performed before checking if the point was in the curve. This sequence error allows scores in the right sub -group, but it can bypass the security inspection on the curve to damage the integrity of the system.
Technical description and solution
To see if the point P is valid, you need to confirm that it is in the curve and in the correct sub group. The defect in the implementation of BESU has skipped and skipped important directors. The appropriate verification process includes checking both curves and lower group memberships. In general, the point of the lower group is multiplied by the point and checks the IT to check the ID element.
Ethereum Foundation’s report emphasized that the BESU team immediately solved this problem and implemented modifications modified in version 25.3.0. This modification ensures protection of potential abuse by ensuring both checks in the appropriate order.
Wide influence and security practices
This defect is suitable for BESU and does not affect other Etherrium clients, but emphasizes the importance of consistent encryption inspection in other software implementation. The inconsistency can threaten various client behaviors, network agreements and trust.
This event emphasizes important demands for strict testing and security measures of the blockchain system. Initiatives, such as the PECTRA audit competition, which helps this problem, is essential to maintain the elasticity of the ecosystem by encouraging comprehensive code review and vulnerability assessment.
The pre -preventive approach of the Ether Rim Foundation and the rapid response of the BESU team show the importance of collaboration and boundaries in maintaining the integrity of the blockchain system.
Image Source: Shutter Stock