Telos Team uncovers critical bug in recent Ethereum Virtual Machine audit – The team at Telos (TLOS), a high-performance blockchain network processing a large number of transactions in an energy-efficient manner, has revealed that a potentially critical bug was identified during Telos’ recent Ethereum Virtual Machine (EVM) audit.
The vulnerability was reportedly detected by software security expert Guido Vranken (@guidovranken), who’s currently working for Sentnl. As confirmed in the announcement, the bug was discovered as part of a planned security audit for the Telos EVM.
The Sentnl audit team confirmed that they found a critical vulnerability in Ethereum’s (ETH) codebase while auditing their EVM. The team claims that millions of dollars could have been at risk of being compromised. However, their timely audit should now ensure that these issues won’t happen again. In good practice, the Sentnl audit team immediately informed the Ethereum developers about their findings.
Thoroughly Auditing Codebase to Ensure Maximum Security
PSA: On Tuesday Aug 24th, Geth will issue a hotfix to a high severity security issue. Please make any necessary preparations to upgrade to the upcoming release (v.1.10.8). #ethereum #geth
— Go Ethereum (@go_ethereum) August 18, 2021
It’s worth noting that these types of critical bugs are not uncovered very often.
As noted by the Telos team, they had decided to go the extra mile by having their codebase thoroughly audited before launching the Telos EVM. The team had realized that this was not the typical “cookie-cutter” auditor who will simply run a series of test codes.
The Telos developers further explained that these test codes are readily available online. They also noted that the team had written a library of their own custom test codes. After performing these tasks internally, they wanted to put their EVM under a real high-powered, third-party inspection.
The Telos team mentioned that they wanted a team of skilled white hat programmers to carefully go through every line of code. As a result, they extensively vetted and decided to work with Sentnl.
To vindicate this decision, the Sentnl team helped tighten the Telos code and to everyone’s surprise, they discovered a serious flaw in Ethereum while comparing Ethereum EVM code to the Telos EVM code.
According to the code testing experts, this should speak volumes about Sentnl and Telos EVM because Ethereum EVM has reportedly been vigorously audited. It’s continuously undergoing audits. So uncovering this bug was like finding a needle in a haystack.
The Ethereum developers have announced that a high severity security issue was detected.
PSA: On Tuesday Aug 24th, Geth will issue a hotfix to a high severity security issue. Please make any necessary preparations to upgrade to the upcoming release (v.1.10.8). #ethereum #geth
— Go Ethereum (@go_ethereum) August 18, 2021
Ethereum development teams also confirmed the bug and have given credit to Guido for finding the vulnerability.
Yes, confirmed, this one is a finding by @GuidoVranken https://t.co/JUA3dl08RX
— Go Ethereum (@go_ethereum) August 18, 2021
Telos Focuses on Ensuring High Level of Security
This latest auditing exercise indicates that Telos cares about security and hired a qualified and competent group to check their code. It’s very important to write code by observing best programming practices. It’s also vital to have that source code audited by an experienced third party so that they can identify any potential issues before publishing the codebase for use in a production environment.
As mentioned in the update from Telos, the audit was so thorough that they identified an exploit no one ever detected before. This incident confirms that we can put a high value on the level of code security of the Telos EVM.
As a global crypto community, they’re also a key part of the larger EVM and DeFi landscape, and the Telos team genuinely cares about the security and success of this emerging space.
Douglas Horn, Chief Architect at Telos, stated:
We were diligent in our selection process in picking Sentnl to audit the Telos EVM code. We wanted the best around and it’s gratifying to see such a clear demonstration that we made the right choice. Telos EVM intends to make a major contribution to the EVM space and we’re glad that our project is already leading to meaningful improvements to the Ethereum and DeFi worlds. People should also feel very confident that the most thorough standard of code review has gone into Telos EVM, thanks to Sentnl.
Guido Vranken from Sentnl Auditors said:
In order to find vulnerabilities in the Telos EVM, I engaged in deep and rigorous fuzzing, and verified that its behavior matched that of go-ethereum exactly. Despite go-ethereum having an outstanding track record when it comes to security, the procedure was so effective that it wasn’t just instrumental in asserting the correctness of the Telos EVM, but also found a high severity issue in go-ethereum.
