EEA Releases Version 2 of the EthTrust Security Levels Specification

Standard represents a major advance in ensuring security within the Ethereum ecosystem.

Wakefield, Mass. — December 18, 2023 — The Enterprise Ethereum Alliance (EEA) has today announced the release of Version 2.0 of its EthTrust Security Levels Specification. 

The specification was crafted by security experts from over a dozen companies, including renowned names in Ethereum security like Diligence, OpenZeppelin, Hacken, and CertiK, as well as major corporations like Banco Santander, Microsoft, and EY. Notably, it includes specialist security firms, their typical clientele, and independent experts, all working together to elevate security measures. 

 Chaals Nevile, Director of Technical Programs at the EEA, said: “EthTrust represents a pivotal advancement in ensuring security within the Ethereum ecosystem. It serves as a comprehensive ‘quality check’ for Ethereum, setting a benchmark for security standards.”

A Robust Framework for Smart Contract Security

EthTrust’s primary function is to provide a robust framework for reviewing Smart Contract code written in Solidity, the predominant language for Ethereum-based blockchains. This framework is designed to identify and rectify known security vulnerabilities, offering a high level of assurance in the safety and security of the code.

The primary beneficiaries of the new specification include:

1. Developers: EthTrust reduces the workload for security reviewers by addressing fundamental issues. This translates to lower costs and a heightened focus on uncovering complex or novel vulnerabilities.
2. Customers: It offers customers the confidence that security reviews meet fundamental quality standards.
3. Reviewers: Reviewers benefit from a comprehensive and current checklist of known issues. This streamlines their routine tasks, allowing them to concentrate on more intricate and creative analysis aspects of their role.

Significant Improvements 

This collaborative effort involved a year and a half of knowledge sharing and systematic revision within EEA’s EthTrust Working Group. The approach has led to significant improvements over the original version released last year, showcasing EEA’s capability for effective ongoing maintenance and updates. 

Improvements include, among other things:

• More explicit treatment of read-only re-entrancy
• Some new bugs discovered in the Solidity compiler
• Explicit treatment of rounding errors
• Simplification of testing requirements to streamline the process for most developers without compromising the ability to cover unusual code; as well as 
• Updates to the specification with newly discovered vulnerabilities and adjustments in focus to reflect changing trends in attacks. 

The new standard provides reliable, industry-backed guidance for the broader Ethereum/EVM-based blockchain ecosystem. The new standard is freely available online from EEA: EEA EthTrust Security Levels Specification.

Contacts

Contact for more information on the standard: Chaals Nevile, EEA Director of Technical Programs, Chaals@entethalliance.org. 

Contact for general EEA media inquiries: Tom Lyons, EEA Director of Communications and Content, tom.lyons@entethalliance.org. 

About the EEA

The EEA is a member-led industry organization whose objective is to drive the use of Enterprise Ethereum and Mainnet Ethereum blockchain technology as an open standard to empower ALL enterprises. More at entethalliance.org.