{"id":17566,"date":"2026-02-23T08:48:31","date_gmt":"2026-02-23T08:48:31","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/02\/23\/audit-results-for-the-pectra-system-contracts\/"},"modified":"2026-02-23T08:48:31","modified_gmt":"2026-02-23T08:48:31","slug":"audit-results-for-the-pectra-system-contracts","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/02\/23\/audit-results-for-the-pectra-system-contracts\/","title":{"rendered":"Audit Results for the Pectra System Contracts"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">The security of the Ethereum protocol is continually being improved, and one recent effort is the external security review of the Pectra System Contracts.<\/p>\n<p class=\"chakra-text css-gi02ar\">The results of this review can be found in the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/audits\">audits repository<\/a>, and the TL;DR is that all discovered issues deemed relevant or important from these reviews have been addressed.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"audit-scope-and-methodology\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"audit scope and methodology permalink\" href=\"#audit-scope-and-methodology\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Audit Scope and Methodology<\/h2>\n<p class=\"chakra-text css-gi02ar\">The Pectra System Contracts encompass several EIPs (EIP-2935, EIP-7002, and EIP-7251), and reviews were primarily done to:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">Evaluate the contracts for potential attack vectors.<\/li>\n<li class=\"css-0\">Ensure that the contract logic accurately implements the intended functionality as per the EIP specifications.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">A multi-phase approach was taken, with each audit building upon the findings of previous ones:<\/p>\n<ol role=\"list\" class=\"css-vgl4zd\">\n<li class=\"css-0\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/audits\/blob\/master\/Pectra\/2025_02_04_Final_Ethereum_Foundation_Collaborative_Audit_Report.pdf\">Blackthorn Audit<\/a><\/li>\n<li class=\"css-0\">Dedaub Audits\n<\/li>\n<li class=\"css-0\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/audits\/blob\/master\/Pectra\/Plainshift%20EF%20Pectra%20Audit.pdf\">PlainShift Audit<\/a><\/li>\n<li class=\"css-0\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/audits\/blob\/master\/Pectra\/Sigma_Prime_Ethereum_Foundation_Pectra_System_Contracts_Bytecode.pdf\">Sigma Prime Audit<\/a><\/li>\n<\/ol>\n<p class=\"chakra-text css-gi02ar\">Between each review, code improvements were made before proceeding to the next round of audits.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"formal-verification\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"formal verification permalink\" href=\"#formal-verification\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Formal Verification<\/h2>\n<p class=\"chakra-text css-gi02ar\">In addition to the security reviews listed above, a16z conducted a <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/daejunpark\/sys-asm-halmos\">Formal Verification using Halmos<\/a>.<br \/>\nThey used <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/a16z\/halmos\">Halmos<\/a> to formally verify the functional correctness of these contracts. This specifically focused on whether the bytecode aligned with the spec, rather than evaluating the security of the spec itself against potential abuse or malicious use. This separation of concerns allows auditors and the community to review the spec without worrying about low-level bytecode implementation details.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"next-steps\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"next steps permalink\" href=\"#next-steps\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Next Steps<\/h2>\n<p class=\"chakra-text css-gi02ar\">The full reports can be found in the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/audits\/tree\/master\/Pectra\">Pectra System Contracts Audits repository<\/a>.<\/p>\n<p class=\"chakra-text css-gi02ar\">A bug bounty competition is currently running on <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/cantina.xyz\/competitions\/pectra\">Cantina<\/a> has rewards of up to $2,000,000 for findings related to Pectra.<\/p>\n<p class=\"chakra-text css-gi02ar\">As always, the security of the Ethereum ecosystem is a collective effort. We extend our gratitude to all the auditors and contributors who have played an important part in this process!<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2025\/02\/28\/pectra-audit-results\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The security of the Ethereum protocol is continually being improved, and one recent effort is the external security review of the Pectra System Contracts. The results of this review can be found in the audits repository, and the TL;DR is that all discovered issues deemed relevant or important from these reviews have been addressed. Audit [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24],"tags":[],"kronos_expire_date":[],"class_list":["post-17566","post","type-post","status-publish","format-standard","hentry","category-ethereum"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/17566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=17566"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/17566\/revisions"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=17566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=17566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=17566"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=17566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}