# EIP-4788 Contract Audit Request ## Context The Ethereum Foundation is soliciting proposals for an audit of the smart contract bytecode to be deployed as part of [EIP-4788](https://eips.ethereum.org/EIPS/eip-4788). A recent specification change, implemented in [this pull request](https://github.com/ethereum/EIPs/pull/7456), has changed the contract storing Beacon Roots from a precompile to a regular smart contract, which would either be deployed prior the EIP's activation or as part of its associated network upgrade. ## Audit Requirements The audit should focus **exclusively** on the smart contract bytecode used to store Beacon Roots, referenced in the pull request above. It **should not** encompass all of EIP-4788 (for example, how the beacon roots are passed from the EL to the CL), or client implementations of the EIP, including their interactions with the contract. An [etk](https://github.com/quilt/etk) implementation of the contract can be found in this repository: https://github.com/lightclient/4788asm The audit should validate whether the contract bytecode meets the functionality described in the EIP ([see the diff](https://github.com/ethereum/EIPs/pull/7456/files#diff-8e3f79bb190496941350728d7a0254c2090bea9049db35245dbe1b206f3bcec7R82)), specifically that the `set` and `get` functions safely enabling the storage and querying of `timestamp` and beacon roots. The audit should also highlight any potential security vulnerabilities associated with the contract, both as part of its normal utilisation and by malicious users. If and where applicable, the audit should ideally propose fixes or improvements to the contract (byte)code. ## Proposal Submission To submit a bid for the audit, please email your proposal to [email protected] with the subject like "EIP-4788 Contract Bytecode Audit" by August 21, 2023. Proposals should include a summary of work to be performed, a timeline for completion of the audit, and a price for the engagement. Proposals will be judged on technical expertise, possible start dates, and cost, at the discretion of the Ethereum Foundation. Ideally, auditors could begin work on the project 1-3 weeks after the proposal is confirmed, and deliver a preliminary report within 1-2 weeks. Accepted proposals will be confirmed by August 29, 2023 at the latest.