Two weeks ago, Ethereum researchers met in Berlin to continue charting the protocol's long-term trajectory, following along discussions with client teams in Svalbard in April.
The updated strawmap is at https://t.co/9e2AQ6rhz6, and I attached a picture of it to this post.
My own high-level takeaways:
* "Lean Ethereum" is not a single one-shot upgrade, it is a collection of improvements that will come online to the Ethereum network over the course of three or four years. But make no mistake, this IS the third major iteration of Ethereum in the same way that the Merge was the second. Almost every major piece of the protocol will be replaced:
- Verification through recursive STARKs, rather than direct re-execution. Recursive STARKs become an enshrined first-class core component of the protocol
- Replacing everything quantum-vulnerable with quantum-safe alternatives
- Consensus: decoupled available chain and finality, one or two-round finality. Theoretically optimal security properties, simpler than today, and faster than today
- Multidimensional gas
- State: not just tree structure, but what *types* of state are available
- Changes to client architecture
...
At the same time, simplification, cleanup and future-proofing. And this will all be done in a way that minimizes disruption to existing application. We've done this before (the Merge), we can do it again.
* H-star (aka Hegota) is probably Ethereum's last thematically "pre-Lean" fork. Starting from I-star, most of everything we do will have a very strong "Lean" feel to it in one way or another.
* Privacy is no longer an afterthought, it is a first class goal. When designing Frames, the mempool, additions to the state tree, we explicitly ask the question "okay, how do quantum-safe, intermediary-free privacy protocol transactions go through this, and what is the overhead?"
* Formal verification of everything for security.
* FV also makes us much more comfortable with canonicalization (having pieces of the protocol that are directly defined as a piece of bytecode expressed in some language). evm-asm is being written in part to become a canonical proof system for the EVM.
* Quantum safety has shifted up a LOT in priority. This adds a lot of work (eg. finalizing a quantum-safe blobs design has become urgent; this work has already been ongoing for months)
* Probably the single most disruptive part of the plan is the changes to state. There is growing consensus around leaving present-day-style "dynamic state" mostly unchanged, but scaling it only a medium amount, and adding new types of state that are more scalability-friendly (eg. no need for builders to sync/store all of it) but more restrictive, and that will scale a large amount.
eg. possible Ethereum in 2030: 2 TB of present-day-style (dynamic) state, and 100 TB of new-style (scalable but restrictive) state
This "new-style" state would work very well for ERC20s, NFTs, many defi use cases, but not eg. highly "central" objects like Uniswap contracts, or onchain order books, or other complex things (which are crucial for Ethereum but which only take up a small percentage of state)
Hence, it will not be *necessary* to rewrite any apps, but it will be *very cost-effective* to eg. rewrite an ERC20 token into a newer design that uses a new type of UTXO storage that is currently being explored, so that it will have >10x lower txfees.
Design of these new state types (current ideas: keyed nonces, ring buffers, UTXOs, statically accessible state, temp state) is an area where we will need a lot of feedback from application developers (incl. privacy-friendly application developers) and probably several rounds of rethinking and iteration.
* In the context of a much larger total state size, we need to figure out the incentive issues around who stores this state and what motivates them to. Even saying "each node stores 1%" is not good enough - why do they store that 1% and why are they willing to serve it? This is being elevated as a first-class research area.
* Ethereum will need to have a "VM" other than EVM in one form or another - at the very least, we need something like leanISA for recursive STARKs - and the gains are large in exposing it to users so that we support programmable privacy and better scalability. Right now, the most likely contenders are leanISA and RISC-V.
My own ideal is that in this world, we adjust the protocol so that the EVM becomes a high-level-language compiler-level feature, and the protocol only "sees" RISC-V / leanISA directly. But this is still far away.
* Gas limit increases, blob increases and slot time decreases will happen many times over the next ~5 years. We expect a large gas limit increase with Glasterdam. Each step of increased scale or decreased slot time is a matter of getting to the point where it is safe to do it, which comes from a combination of client optimization and protocol changes.
Ethereum is CROPS.
Ethereum is scaling.
Ethereum is reinventing itself.
Onward.
The wait is over. The Solodit API is now live.
Get instant access to 50,000 smart contract vulnerabilities. Free. No application required.
Here’s what you need to know 🧵
4. yETH ($9M): State cache poisoning; failed to reset virtual balances when supply hit 0.
The protocol optimized gas by caching virtual balances in packed_vbs[] but failed to clear this storage slot when totalSupply emptied, letting new deposits inherit phantom rates.
3. Balancer ($128M): Rounding direction mismatch; batched micro-swaps amplified precision loss.
Inconsistent rounding (down vs. up) between upscale and downscale functions created a wei-level gap that was exploited 65x in a single transaction.
2. Cetus ($223M): 3rd-party lib overflow; valid check but unchecked delta calculation.
The integer-mate library checked the bit-shift for overflow but failed to validate the resulting token cost, allowing the calculation to wrap around to near-zero.
1. Bybit ($1.5B): Off-chain UI injection on a dev machine bypassed the multisig.
The injected frontend code altered the delegatecall parameters in the transaction payload to transfer ownership, while the UI still displayed a routine transfer.
Features:
- CLI tool and importable Go package
- Supports Solidity 0.4.x through 0.8.x
- JSON output compatible with solidity-parser
- Version detection from pragma
- Tolerant mode for partial parsing
Just released a Solidity AST parser written in Go (solast-go). Parse smart contracts to AST, supports Solidity 0.4.x to 0.8.x, works as CLI or Go package.
https://t.co/Yy8HophTNK
34 Auditing Tips to crush it in 2026
- Think in bets
- Constraint behaviour
- If it's hard for you it's hard for everyone
- Seek truth
- Understand it first, then break it
- Building is harder than breaking
- Tools are substitutes for thinking
- A fully understood Low is better than an untested fix
- If it's not tested, it's broken
- AI is a brainstorming tool
- Work with Progressive Escalation
- Understand the meaning of being average
- Formally verify stateless libraries to extract constraints
- There are no easy paths, you have to get better
- Understand when to clamp and when not to
- Rewrite it your way and compare notes
- Peak experiences are like a wave.
- Most Contest winners have a brutal track record
- There's no rush in writing a report and POC
- it's always a very serious deal or just don't bother
- Start with the end in mind
- Read the code until you can't anymore, then try something else
- You don't understand the intensity of reviewing code, until you've seen it
- If you're done before the end of the engagement, you're probably wrong
- Understand your edge and use it to your advantage
- There is no overnight success, only the world catching up to you
- The path to mastery is simple, do the thing with 100% of intention, review the results, learn
- Model people that inspire you
- Forge your own path
- Read about common bugs
- Create your own category defining bugs
- Resting is work
- Be careful about your own biases
- The only constant is you
New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts.
In simulated testing, AI agents found $4.6M in exploits.
The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark: https://t.co/QpGPMqlDRG
🚨Official release: “How to Hack a Web3 Wallet (Legally)” - our full-stack pentesting guide just dropped
Test wallets from infra to UI:
- Supply-chain attacks
- Private key handling
- access control flaws
- XSS & more
If you build or secure wallets, you need to see this🧵: