title | code_owner | round | category | repositories |
---|---|---|---|---|
Command Line Interface (CLI) | Zahary Karadjov (zah) | Audit round 3 | Validator Core Audit | nim-beacon-chain, nim-confutils |
Goals
- Ensure that the CLI can handle malicious inputs (overflow, unicode, invalid characters, ...)
- Prevent users from shooting themselves in the foot:
  - Avoid losing data
  - Avoid losing funds/secrets (overlap with NCC work on secrets acknowledged; more eyes on this critical part are welcome)
- Clear instructions:
  - With a focus on the workflow to stake ETH
  - See the book
  - https://medalla.launchpad.ethereum.org/
Code
- All conf options: https://github.com/status-im/nim-beacon-chain/blob/nbc-audit-2020-1/beacon_chain/conf.nim
- Makefile with preset build/run configuration: https://github.com/status-im/nim-beacon-chain/blob/nbc-audit-2020-1/Makefile
The key binaries with a CLI are:
- beacon_node.nim, which is configured by the BeaconConf type and can be compiled with
  make beacon_node
- validator_client.nim which is configured by
  make validator_client
- deposit_contract.nim, which allows making an ETH1 deposit
Secret keys
TODO
- Address with Goerli ETH to test the deposit contract and ETH2 keystore generation
- ETH2 validator enabled on Medalla to test the beacon_node / validator_client
Related audit reports
Trail of Bits audit of the Ethereum Foundation deposit contract:
https://github.com/status-im/nim-beacon-chain/issues/1320 ← also relevant for wallet file generation (the file is encrypted and usually in an ACL-protected subpath (userdir), but it is world-readable and may leak info about wallets)