Our Focus

The EEA EthTrust Security Levels Working Group specifies "EEA EthTrust Security Levels", a set of requirements for security audits of Ethereum smart contracts to ensure an industry-wide level of quality for security audits. This provides three levels of certification that give progressively stronger reassurance about the security properties of a smart contract or set of contracts intended to be deployed on an Ethereum blockchain.

The specification provides minimum standards that securits should meet. Security auditors will generally offer review and additional services beyond the common base required for EthTrust Security Levels.

EEA has published version 2 of the specification as an EEA specification, which supersedes version 1. The Working Group is now working on a revised version to be published probably in early 2025, as well as relevant supporting materials.

The Working group is also working on a set of extensions to the widely-used STIX standard, to enable easier and more effective use of reporting attacks with information specifically relevant to DeFi and the Blockchain ecosystem. That work takes place in public, through the Web3 STIX Telegram Channel and the Defi for STIX Github repository.

Resources

EthTrust Security Levels Specification



EEA EthTrust Security Levels Specification Version 2

EEA Specification. Edited by Chaals Nevile. URL: https://entethalliance.org/specs/ethtrust-sl/v2/. Published 13 December 2023.

Checklist for EEA EthTrust Security Levels Specification Version 2

A quick reference to the requirements and good practices defined in the EEA EthTrust Security Levels Specification. https://entethalliance.org/specs/ethtrust-sl/v2/checklist.html

EEA EthTrust Security Levels Specification Version 1

EEA Specification. Edited by Chaals Nevile. URL: https://entethalliance.org/specs/ethtrust-sl/v1/. Published 22 August 2022.

Latest Editors' Draft

EEA EthTrust Security Levels Specification v-after-2. Work in Progress. Edited by Chaals Nevile. URL: https://entethalliance.github.io/eta-registry/security-levels-spec.html. Updated as the group agrees to changes (approximately every two weeks).

The Editors' draft is a publicly available snapshot of the group's latest thinking. However, it is subject to change and should only be referenced as Work in Progress.

How to Contribute

For information on how to join the group, see "Contact Us" below:

EthTrust Specifications & Guidelines Development

The working group collaborates to develop the specification for EthTrust certification. You can contribute by joining EEA and getting involved in our weekly calls and by writing, reviewing and providing feedback on the draft specification.

DeFi extensions for STIX

To participate in tthis work, including writing conformance tests, developing proof of concept for existing or new proposals, please join the Web3 STIX Telegram Channel and the Defi for STIX Github repository.

Chairs

Chris Cordi

Contact Us

Non-EEA Members:

If you are interested in the work of the EEA EthTrust Security Levels WG and would like to contribute, please contact EEA Membership.

EEA Members:

Please contact EEA Secretariat, or your EEA Member Council representative.