github serenita-org/vero v1.4.0
on GitHub

5 hours ago

Vero v1.4.0 introduces block proposal improvements, new CLI flags, and addresses findings from a recent security assessment.

🦀 Block Proposals

Block proposal handling has been significantly upgraded, resulting in better performance and a future-proof block architecture.

  • The pipeline now uses Rust under the hood, powered by Grandine’s highly efficient SSZ libraries.
  • Vero now defaults to SSZ encoding for block proposal–related API requests.
    • JSON remains available for debugging via --force-json-wire-format

🔎 Spec Verification

On startup, Vero verifies that the spec values it ships with match those returned by connected beacon nodes. This ensures Vero is configured for the correct network and fork schedule.

Not all mismatches indicate misconfiguration. For example, a beacon node may not yet support a newly introduced parameter such as ATTESTATION_DUE_BPS. In such cases, preventing startup would be undesirable.

You can now instruct Vero to ignore mismatches by providing the --ignore-spec-mismatch CLI flag.

🔒 Security Assessment Findings

A security assessment of Vero’s critical components was conducted recently by Sigma Prime.

  • All findings have been addressed in this release
  • No high or critical severity issues were identified
  • The full report will be published separately

Related breaking changes:

  1. Doppelganger detection

    To improve the reliability of the doppelganger detection feature, Vero now retrieves validator liveness data from all connected beacon nodes. (In previous versions, Vero only used the first beacon node).

    If you're using the doppelganger detection feature ( --enable-doppelganger-detection ) ensure Vero can poll validator liveness data from all connected beacon nodes. Some client implementations require additional CLI flags for this:

    Client Flag
    Grandine --track-liveness
    Teku --beacon-liveness-tracking-enabled=true

🔑 Keymanager API

  1. Token File Permissions (Breaking Change)

    The Keymanager API token file now requires owner-only permissions (600).

    Action required:

    • If using Eth Docker, upgrade to v26.4.1 (2026-04-19) or later - it will take care of this change automatically
    • Otherwise:
      • Update file permissions manually to 600, or
      • Delete the existing token file and let Vero recreate it on startup

  2. Error Response Codes

    Keymanager API error responses have been standardized as a result of resolving ambiguity around 404 status codes.

    In this Vero release you may receive status code 404 (or 400) in cases where previously status code 500 was returned.

    If your integration depends on previous behavior, please review the changes and update accordingly.

🧪 Experimental Integrations

A special shoutout to the remote-signer-dirk-interop project which provides early support for using Vero with the Dirk remote signer.

How it works:

  • Runs as a lightweight HTTP service implementing the standard Ethereum Remote Signing API (compatible with Web3Signer)
  • Receives signing requests from Vero
  • Forwards those requests to a Dirk signer, acting as a translation/proxy layer

Changes included in this release

Features

  • Log number of validators during initialization by @eth2353 in #272
  • Add --ignore-spec-mismatch flag by @eth2353 in #269
  • Use Grandine's SSZ crates for block proposal flow by @eth2353 in #281
  • Disable remote signer health polling task if endpoint not supported by @eth2353 in #306

Bug Fixes

  • Fix AggregateAndProofV2 signing request format by @eth2353 in #307

Maintenance

Full Changelog: v1.3.3...v1.4.0

Check out latest releases or
releases around serenita-org/vero v1.4.0

Don't miss a new vero release

NewReleases is sending notifications on new releases.

Get notifications