Cantina x Ethereum Foundation: High-signal Security Reviews from the $2M Pectra Competition
Ethereum’s Pectra upgrade is a pivotal milestone in the ecosystem’s ongoing evolution. Following Dencun, Pectra introduces sweeping enhancements across validator operations, transaction processing, and protocol design. It consolidates over a dozen Ethereum Improvement Proposals (EIPs), impacting nearly every layer of Ethereum’s architecture.
In preparation for this upgrade, the Ethereum Foundation launched the Pectra Security Competition on Cantina, a multi-repository initiative aimed at rigorously validating the codebases that would run Pectra in production. Each participating client or specification repository represented a distinct competition, and researchers could contribute across any or all of them. Submissions were judged based on technical depth, relevance to the upgrade, and value to the Ethereum ecosystem.
Cantina was selected to operate as a lead coordination partner. Through the Cantina Code platform, researchers submitted in-depth reports across twelve repositories, including all major execution and consensus clients, as well as the Ethereum protocol specifications themselves. This was one of the most extensive and collaborative client-layer reviews in Ethereum’s history, a joint effort between organizations, the Ethereum Foundation, and Cantina’s distributed network of elite security researchers.
The Pectra competition has reached completion, marking one of the most significant security efforts. All reports have been finalized; a detailed breakdown of the work delivered follows below.
What the Pectra Upgrade Introduced
Pectra included numerous protocol-level improvements designed to optimize Ethereum’s scalability, flexibility, and validator performance:
- EIP-6110 moves validator deposits to the execution layer for more efficient inclusion
- EIP-7702 introduces a new transaction type for externally owned accounts (EOAs)
- EIP-7251 increases the maximum staking limit per validator
- EIP-2537 adds cryptographic precompiles for BLS12-381 curve operations
Each of these proposals impacts how clients interact with the chain, verify transactions, and manage state. The competition focused on reviewing how these proposals were implemented across the ecosystem, from client-specific logic to protocol-wide specification adherence.
How the Competition Was Structured
The competition was organized into independent repositories on GitHub, each representing a participating implementation or specification:
- 5 Execution Clients: Geth, Erigon, Reth, Nethermind, Besu
- 6 Consensus Clients: Lighthouse, Teku, Prysm, Lodestar, Nimbus, Grandine
- 1 Core Specification Repo: Ethereum Protocol Specs including execution layer, consensus layer, EIPs, and sys-asm
Cantina operated within each of these scopes, providing a structured pipeline for review, validation, and submission. The competition ran in parallel with active development, making real-time coordination and frequent repository syncing essential. Client teams responded quickly to clarifications and technical feedback, reinforcing the open collaboration ethos that defines Ethereum development.
Full Report Index
The following index includes all submitted reports from Cantina, with links to each:
Ethereum Protocol Specifications
Reviewed: Execution and consensus specs, sys-asm, and EIP logic
Go Ethereum (Geth)
Reviewed: Transaction type logic, EIP-7702 support, mempool updates
Erigon
Reviewed: Transaction parsing, calldata handling, precompile interaction
Reth
Reviewed: Fee computation, state access logic, transaction formatting
Nethermind
Reviewed: Deposit integration, syncing behavior, state transition rules
Besu
Reviewed: Execution state logic, validator deposit inclusion
Lighthouse
Reviewed: Epoch transitions, validator lifecycle, fork compatibility
Teku
Reviewed: Beacon block processing, validator queue alignment, fork digest
Prysm
Reviewed: Execution payload behavior, blob logic, withdrawal queue behavior
Lodestar
Reviewed: Attestation processing, spec consistency
Nimbus
Reviewed: State transitions, sync logic, gossip behavior
Grandine
Reviewed: Validator set initialization, consensus rule application
Ethereum-Grade Collaboration
This campaign reflected a shared commitment to ecosystem security. Cantina worked alongside the Ethereum Foundation and the client teams to deliver on the technical requirements of this moment. The structure of the competition enabled parallel participation, community alignment, and live feedback. Every client benefited from review, and every repository received findings that directly supported the stability of the release.
This comprehensive initiative builds on a multi-year collaboration between Cantina and the Ethereum Foundation. From one-off reviews to protocol-scale competitions, the shared focus has remained consistent: delivering credible, public-facing security work that reflects the maturity and resilience of Ethereum.
The Road Ahead
The scale and depth of the Pectra competition set a new precedent for competitive security research. As Ethereum continues to evolve, Cantina remains committed to supporting open coordination, high-signal review, and deep alignment across protocol and organization development.
Looking to run a competition or a tailored security narrative with this level of rigor and exposure? Contact us to explore a collaboration for your next milestone release.