Telos EVM Uncovers Severe Security Vulnerability in Ethereum

While auditing the Telos EVM smart contract, Guido Vranken of Sentnl discovered a security vulnerability in the original Go Ethereum (Geth) code. This is a critical find for the DeFi and blockchain space, and the Telos EVM team is grateful to have such a talented group of programmers securing our own EVM.

This morning, Geth issued a hotfix titled Hades Gamma (v1.10.8). Within the report, they noted that the vulnerability was found by Guido Vranken while “working for Sentnl during an audit of the Telos EVM.” It’s extremely rare for a programmer to find a vulnerability like this in the original Ethereum EVM, as it consistently undergoes vigorous auditing. So, this news speaks volumes about the Sentnl auditing agency and the level of professionalism involved in the Telos EVM.

Speaking to the news, Douglas Horn, Chief Architect of the Telos Core Developers, noted, “We were diligent in our selection process, in picking Sentnl to audit the Telos EVM code. We wanted the best around and it's gratifying to see such a clear demonstration that we made the right choice.”

“Telos EVM intends to make a major contribution to the EVM space and we're glad that our project is already leading to meaningful improvements to the Ethereum and DeFi worlds,” Horn stated. “People should also feel very confident that the most thorough standard of code review has gone into Telos EVM, thanks to Sentnl.”

It’s one thing to find a bug in a derivative or layer 2 EVM, but it is a much bigger feat to discover a vulnerability of this level in the original Ethereum EVM code. This demonstrates that the Telos EVM is not simply undergoing normal, cookie-cutter code tests. Users, developers, and projects can have peace of mind that we brought in the most qualified team for the job.

Going into detail on how he discovered the vulnerability, Vranken stated, “In order to find vulnerabilities in the Telos EVM, I engaged in deep and rigorous fuzzing, and verified that its behavior matched that of go-ethereum exactly. Despite go-ethereum having an outstanding track record when it comes to security, the procedure was so effective that it wasn't just instrumental in asserting the correctness of the Telos EVM, but also found a high severity issue in go-ethereum.”

The entire EVM and DeFi space owes a debt of gratitude to Vranken and the rest of the Sentnl team for their dedicated work toward the security and success of our industry. We are excited to have such a talented team partnered with the Telos EVM as we get closer to mainnet launch.

Go Ethereum (geth) - geth.ethereum.org

Go Ethereum is one of the three original implementations (along with C++ and Python) of the Ethereum protocol. It is written in Go, fully open source and licensed under the GNU LGPL v3.


Telos EVM - telos.net/evm

Telos EVM is the fastest, most scalable iteration of the Ethereum Virtual Machine (EVM), and it is currently nearing the final stages of auditing before release on Telos Mainnet. Telos EVM provides a high-throughput alternative to Ethereum mainnet that is affordable and usable by the masses.