惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
Last Week in AI
Last Week in AI
博客园 - 司徒正美
The GitHub Blog
The GitHub Blog
O
OpenAI News
The Last Watchdog
The Last Watchdog
T
The Blog of Author Tim Ferriss
M
MIT News - Artificial intelligence
P
Proofpoint News Feed
Forbes - Security
Forbes - Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
有赞技术团队
有赞技术团队
Jina AI
Jina AI
GbyAI
GbyAI
V
Vulnerabilities – Threatpost
L
LangChain Blog
Vercel News
Vercel News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
AI
AI
博客园 - 聂微东
W
WeLiveSecurity
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Scott Helme
Scott Helme
罗磊的独立博客
Martin Fowler
Martin Fowler
S
Security Affairs
T
Tor Project blog
Recent Announcements
Recent Announcements
F
Fortinet All Blogs
美团技术团队
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
Security @ Cisco Blogs
T
Threat Research - Cisco Blogs
A
About on SuperTechFans
Cisco Talos Blog
Cisco Talos Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
Intezer
B
Blog
WordPress大学
WordPress大学
I
InfoQ
G
Google Developers Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V
V2EX
P
Privacy & Cybersecurity Law Blog
雷峰网
雷峰网

Ethereum Foundation Blog

Checkpoint #9: Apr 2026 | Ethereum Foundation Blog How L1 and L2s can build the strongest possible Ethereum | Ethereum Foundation Blog The Promise of Ethereum: Introducing the EF Mandate | Ethereum Foundation Blog This Is Fine (Until the Grant Runs Out) | Ethereum Foundation Blog Treasury Staking Initiative | Ethereum Foundation Blog The Ethereum Foundation's Commitment to DeFi | Ethereum Foundation Blog Protocol Priorities Update for 2026 | Ethereum Foundation Blog Announcing the Platform Team at EF | Ethereum Foundation Blog Ethereum Protocol Studies 2026 | Ethereum Foundation Blog Executive Leadership Update | Ethereum Foundation Blog An update from Tomasz | Ethereum Foundation Blog Introducing the EF Academic Secretariat 2026 PhD Fellowship | Ethereum Foundation Blog Trillion Dollar Security Day at Devconnect | Ethereum Foundation Blog Allocation Update - Q4 2025 | Ethereum Foundation Blog Checkpoint #8: Jan 2026 | Ethereum Foundation Blog Devcon 8 is coming to Mumbai, India in November 2026 | Ethereum Foundation Blog Hegota Upgrade EIP Proposal Timelines | Ethereum Foundation Blog Shipping an L1 zkEVM #2: The Security Foundations | Ethereum Foundation Blog The Future of Ethereum’s State | Ethereum Foundation Blog Devconnect Argentina Recap | Ethereum Foundation Blog Allocation Update - Q3 2025 | Ethereum Foundation Blog Making Ethereum Feel Like One Chain Again | Ethereum Foundation Blog Checkpoint #7: Nov 2025 | Ethereum Foundation Blog Fusaka Mainnet Announcement | Ethereum Foundation Blog 2 weeks to Devconnect: Everything you need to know | Ethereum Foundation Blog Unveiling ESP's New Grants Program | Ethereum Foundation Blog Fusaka Update – Transaction Gas Limit Cap arrives with EIP-7825 | Ethereum Foundation Blog Fusaka Update - Information for Blob users | Ethereum Foundation Blog Announcing the 2026 EF Internship | Ethereum Foundation Blog Supporting privacy with new funding mechanisms | Ethereum Foundation Blog The Ethereum Foundation’s Commitment to Privacy | Ethereum Foundation Blog Checkpoint #6: Oct 2025 | Ethereum Foundation Blog Privacy Cluster Leadership Announcement | Ethereum Foundation Blog Fusaka Testnet Announcement | Ethereum Foundation Blog Announcing the districts of the Ethereum World’s Fair | Ethereum Foundation Blog Fusaka $2,000,000 Audit Contest! | Ethereum Foundation Blog Holešky Testnet Shutdown Announcement | Ethereum Foundation Blog The Ecosystem Support Program's Next Chapter | Ethereum Foundation Blog Protocol Update 003 — Improve UX | Ethereum Foundation Blog Protocol Update 002 - Scale Blobs | Ethereum Foundation Blog Join Us: EF Protocol Reddit AMA - August 29th, 2025 | Ethereum Foundation Blog Protocol Update 001 – Scale L1 | Ethereum Foundation Blog lean Ethereum | Ethereum Foundation Blog Celebrating 10 Years of Ethereum | Ethereum Foundation Blog Checkpoint #5: July 2025 | Ethereum Foundation Blog Allocation Update - Q2 2025 | Ethereum Foundation Blog The Future of Ecosystem Development at the EF | Ethereum Foundation Blog Shipping an L1 zkEVM #1: Realtime Proving | Ethereum Foundation Blog Partial history expiry announcement | Ethereum Foundation Blog Checkpoint #4: Berlinterop | Ethereum Foundation Blog World Experience: Updates from the Next Billion Fellowship | Ethereum Foundation Blog Now accepting interns - Join the Ethereum Season of Internships | Ethereum Foundation Blog Tickets are live for the Ethereum World’s Fair! And we're launching the Supporter Program | Ethereum Foundation Blog Ethereum Foundation Treasury Policy | Ethereum Foundation Blog Checkpoint #3: June 2025 | Ethereum Foundation Blog Announcing the Devconnect ARG Scholars Program | Ethereum Foundation Blog Announcing Protocol | Ethereum Foundation Blog Nyota Interop Recap ✨ | Ethereum Foundation Blog Allocation Update - Q1 2024 | Ethereum Foundation Blog Announcing the Ethereum Protocol Fellowship Cohort 5 | Ethereum Foundation Blog Ethereum Protocol Fellowship Cohort 4 Recap | Ethereum Foundation Blog Sepolia Incident | Ethereum Foundation Blog Announcing the Devcon SEA venue! | Ethereum Foundation Blog Devconnect Scholars Program - Ethereum Stories from Istanbul and Beyond | Ethereum Foundation Blog Dencun Mainnet Announcement | Ethereum Foundation Blog ZK Grants Round | Ethereum Foundation Blog Eth2 at ETHWaterloo: Prizes for Eth2 education, tooling, and research | Ethereum Foundation Blog eth2 quick update no. 2 | Ethereum Foundation Blog Devcon4 Ticket Sales | Ethereum Foundation Blog Announcing Swarm Proof-of-Concept Release 3 | Ethereum Foundation Blog Devcon4 Announcement | Ethereum Foundation Blog Announcing May 2018 Cohort of EF Grants | Ethereum Foundation Blog Announcing World Trade Francs: The Official Ethereum Stablecoin | Ethereum Foundation Blog Announcing Beneficiaries of the Ethereum Foundation Grants | Ethereum Foundation Blog Geth 1.8 - Iceberg¹ | Ethereum Foundation Blog Farewell and Welcome | Ethereum Foundation Blog Security Alert - Solidity - Variables can be overwritten in storage | Ethereum Foundation Blog Uncle Rate and Transaction Fee Analysis | Ethereum Foundation Blog Announcement of imminent hard fork for EIP150 gas cost changes | Ethereum Foundation Blog Dev Update: Formal Methods | Ethereum Foundation Blog On Inflation, Transaction Fees and Cryptocurrency Monetary Policy | Ethereum Foundation Blog Onward from the Hard Fork | Ethereum Foundation Blog C++ DEV Update - July edition | Ethereum Foundation Blog The Devcon2 site is now live! | Ethereum Foundation Blog Security Alert - DoS Vulnerability in the Soft Fork | Ethereum Foundation Blog DAO Wars: Your voice on the soft-fork dilemma | Ethereum Foundation Blog Smart Contract Security | Ethereum Foundation Blog Security Alert – Geth suffers from a very low probable DoS attack vector - Update immediately | Ethereum Foundation Blog On Settlement Finality | Ethereum Foundation Blog Ethereum Foundation and Wanxiang Blockchain Labs announce a blockbuster event combining Devcon2 and the 2nd Global Blockchain Summit in Shanghai, September 19–24, 2016 | Ethereum Foundation Blog Ethereum Partners with R3CEV on Lizardcoin, Bringing Together the Best of Centralized Finance and Blockchain Technology | Ethereum Foundation Blog From Smart Contracts to Courts with not so Smart Judges | Ethereum Foundation Blog BTC Relay included in Ethereum Bounty Program | Ethereum Foundation Blog Ethereum DEV Update: C++ Roadmap | Ethereum Foundation Blog Cut and try: building a dream | Ethereum Foundation Blog Ambients Applied to Ethereum | Ethereum Foundation Blog Mihai’s Ethereum Project Update. The First Year. | Ethereum Foundation Blog Getting to the Frontier | Ethereum Foundation Blog The Ethereum Development Process | Ethereum Foundation Blog Gav’s Ethereum ÐΞV Update V | Ethereum Foundation Blog
Trillion Dollar Security - Phase 2 | Ethereum Foundation Blog
2025-08-20 · via Ethereum Foundation Blog

Since announcing the Trillion Dollar Security project, we have surveyed the ecosystem to understand which improvements are highest priority to every layer of the Ethereum stack and community.

Now it is time to begin the next phase of this initiative: acting on the highest priority issues we face.

For this first wave of actions, we will mostly focus on UX issues. Our research showed these to be the most urgent issues facing both individual and institutional users of Ethereum and Ethereum-based applications.

During this first wave we will kick off a range of work targeting crucial areas in UX security. The work we begin today is a combination of high leverage short-term actions and long-term projects that we expect will continue for years. We intend to regularly launch new waves of projects, tackling different priority security domains over time. As these projects gain momentum over the next few weeks and months, we will turn our attention to the next wave of priorities targeting other domains.

As always, we are eager to support and collaborate with others working to further improve Ethereum’s security and make Ethereum safer for billions of users and trillions of dollars of on-chain capital. Reach out to us at trilliondollarsecurity@ethereum.org.

1. Coordinating a “Minimum Security Standard” for Ethereum wallets and supporting Walletbeat

Wallet UX is where security begins for all users of Ethereum. If users cannot safely manage keys, sign transactions, and interact with on-chain applications then they cannot use Ethereum safely.

We believe the Ethereum ecosystem should develop and adopt a minimum security standard for wallets, which can serve as a trusted and legitimate reference point for which wallets are safe for ordinary users of Ethereum. We believe this standard should require features like:

  • Transparent transactions
  • Compromise-resistant interfaces
  • Privacy-supporting architecture
  • Standards for wallet behaviour, e.g. approval management, key handling, frontend verification
  • + more

We are inspired by the success of L2BEAT in educating users and making the security and decentralization properties of L2s transparent to the ecosystem.

We believe a Minimum Security Standard for wallets could help address two different sides of this problem. First, giving ordinary users a reliable guide to choosing only those wallets that meet this standard means that a greater share of Ethereum users will have access to the features they need to have a secure on-chain experience. To do this effectively, the standard must be a very high bar and it must regularly be raised as new security features are developed by the ecosystem or new threats are found. Second, the standard will encourage wallet teams to prioritize important features to remain compliant.

To help develop and promote such a standard, we are excited to be providing a grant to Walletbeat, who have been working towards a similar vision. Walletbeat will be both a contributor to this community standard and an organization that can help do the hard work of measuring wallets against the standard and making information easily accessible to users.

Stay tuned for more information about work on this standard and how to contribute.

2. Unblocking the “tech tree” to solve blind signing

One of the most significant issues facing UX security is blind signing. Users are often expected to sign transactions without the ability to understand what those transactions will do.

Through discussions with ecosystem advisors and our stewards, we have identified a few ways we can help unblock the “tech tree” that will enable more wallets to deploy features to address this problem.

Unblocking transaction decoding

One solution to the blind signing problem is for wallets to decode the raw transaction data, and translate it into a human-readable description of what the transaction will do. Instead of seeing a long string of code, a user might see information like “Transferring 1,000 of token ABC to recipient 0x123”.

One challenge for wallet teams is that this kind of feature requires a comprehensive dataset of function signatures, which requires access to databases of verified contracts, many of which are closed source and require expensive licenses to use.

Over the last few years, the Verifier Alliance (VERA) has been quietly working to address this, and today has built a database of more than eight million contracts. Through our research it became clear that many teams were unaware of the resources VERA offers, and over the next weeks and months we will be promoting their work to ensure that wallet teams are aware of these open source resources, and exploring other ways to maximize the impact of their work.

Secondly, we’re beginning some R&D projects that we believe might unlock new methods for transaction transparency in wallets.

  • Standards that would encourage applications to add code to their contracts which makes it easier for wallets to interpret transactions.
  • Revisiting past proposals to address this problem which were not prioritized by the ecosystem at the time, like ERC 4430, EIP 7730, EIP 719, and exploring how to continue the work of the Human Readable Transactions Group.

Wallets can even go a step further and actually simulate the results of a transaction in an EVM environment against Ethereum’s current state. This simulation would then return a message like “this X will result in you sending 1 ETH from X to Y, and receiving 1 NFT from collection Y.”

If wallets could reliably categorise the level of trust in contracts with which users are interacting, this would go even further towards solving this problem.

Some wallets offer these features today, but we want to make it easier for more wallets to do so and for all transaction simulation features to be reliable and high quality.

We have also begun multiple R&D projects to explore whether in-protocol improvements on things like opt-in transaction assertions and additional security features would further increase the security of users.

3. Making it easier for developers to avoid deploying vulnerable code

Having an open-source database of smart contract vulnerabilities, which can be used as a reference by IDEs and other developer tooling, is something we believe could help reduce compromised contracts. These tools could scan pre-deployed contracts against the open-source database before deploying the code onchain, allowing developers to more easily detect vulnerabilities in their application before they deploy it.

While not strictly a UX project, we believe this is a high leverage undertaking where the EF is in a unique position to help coordinate a widely used database, and we invite anyone who would like to help, such as audit competition platforms, auditors, white hats, or others, to help contribute their findings.

Once we have a large-scale open-source database in place, the next step is to advocate for tool developers to build features that take advantage of this.

Here’s what the ecosystem can help with:

Ultra simple non-tech wallet

A very common piece of feedback during our survey phase has been that the existing wallets are targeting the tech crowd. There appears to be a high demand for wallets for non-technical users across the world which provide features that practically ensure a secure environment by building guard rails that still allow users to have the on-chain experience. Survey respondents mentioned things such as easy transactions to friends and businesses (not having to type a public key), easy payments for goods and services, built-in basic swapping, and the ability to restore your wallet. If you have ideas on how to address these issues then please reach out.

Enterprise focused wallets

Enterprises have mentioned the importance of privacy, censorship resistance (including external services being used by the wallet to interact with the network), and compliance requirements for key management. If you have ideas on how to address this then please reach out.