42 lines
4.5 KiB
Markdown
42 lines
4.5 KiB
Markdown
|
# NBC Audit 2020
|
||
|
|
|
||
|
|
This folder contains the description, tasks and scope of Nimbus audit pre-mainnet launch.
|
||
|
|
|
||
|
|
RFP:
|
||
|
|
- https://our.status.im/nimbus-eth2-0-security-audit-request-for-proposal
|
||
|
|
|
||
|
|
The audit was done in 3 phases, related branches are:
|
||
|
|
- https://github.com/status-im/nimbus-eth2/tree/nbc-audit-2020-0
|
||
|
|
- https://github.com/status-im/nimbus-eth2/tree/nbc-audit-2020-1
|
||
|
|
- https://github.com/status-im/nimbus-eth2/tree/nbc-audit-2020-2
|
||
|
|
|
||
|
|
The audit involved 3 vendors:
|
||
|
|
- Consensys Diligence: https://consensys.net/diligence/
|
||
|
|
- NCC: https://www.nccgroup.com/
|
||
|
|
- Trail of Bits: https://www.trailofbits.com/
|
||
|
|
|
||
|
|
Outline
|
||
|
|
|
||
|
|
| Module | Repository | Audit round | Category |
|
||
|
|
| -------------------------------------- | ----------------------------------------------- | ----------- | ----------------------------- |
|
||
|
|
| Wire encryption | nim-crypto, nim-libp2p, nim-bearssl | Round 1 | Network Core Audit |
|
||
|
|
| [Ethereum 2 Request/Response protocol](./eth2_spec_core/attestation_processing_and_production.md) | nimbus-eth2, nim-faststreams, nim-serialization | Round 1 | Network Core Audit |
|
||
|
|
| [Discover Protocol (discv5)](./network_core/discovery_protocol_discv5.md) | nim-eth | Round 1 | Network Core Audit |
|
||
|
|
| [SSZ - (De)serialization & tree hashing](./network_core/ssz_serialization_and_tree_hashing.md) | nimbus-eth2 | Round 2 | Network Core Audit |
|
||
|
|
| [Block/attestation signing](./validator_core/block_attestation_signing.md) | nimbus-eth2, nim-blscurve | Round 2 | Validator Core Audit |
|
||
|
|
| [Peer pool management](./eth2_spec_core/peer_pool_management.md) | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Block Synchronization](./eth2_spec_core/block_synchronization.md) | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Fork choice logic](./eth2_spec_core/fork_choice_logic.md) | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Reward processing](./eth2_spec_core/reward_processing.md) | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Eth1 data processing](./eth2_spec_core/eth1_data_processing.md) | nimbus-eth2, nim-web3 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Epoch finalisation and justification](./eth2_spec_core/epoch_finalization_and_justification.md) | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Signature verification](./eth2_spec_core/signature_verification.md) | nimbus-eth2, nim-blscurve | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [State transition logic](./eth2_spec_core/state_transition_logic.md) | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
|
||
|
|
| [Publish/Subscribe protocol (gossipsub)](./network_core/publish_subscribe_gossipsub.md) | nim-libp2p | Round 4 | Network Core Audit |
|
||
|
|
| [Command Line Interface (CLI)](./validator_core/command_line_interface_CLI.md) | nimbus-eth2, nim-confutils | Round 3 | Validator Core Audit |
|
||
|
|
| [RPC API](./validator_core/rpc_api.md) | nimbus-eth2, nim-json-rpc | Round 3 | Validator Core Audit |
|
||
|
|
| [Accounts management & key storage](./validator_core/account_management_and_key_storage.md) | nimbus-eth2 | Round 3 | Validator Core Audit |
|
||
|
|
| [Slash-prevention mechanisms](./validator_core/slash_prevention_mechanisms.md) | nimbus-eth2 | Round 3 | Validator Core Audit |
|
||
|
|
| [Attestation processing and production](./eth2_spec_core/attestation_processing_and_production.md) | nimbus-eth2 | Round 3 | ETH2 Specification Core Audit |
|
||
|
|
| [Block processing and production](./eth2_spec_core/block_processing_and_production.md) | nimbus-eth2 | Round 3 | ETH2 Specification Core Audit |
|