NBC Audit 2020
This folder contains the description, tasks and scope of the Nimbus pre-mainnet launch audit.
RFP:
The audit was done in 3 phases; the related branches are:
- https://github.com/status-im/nimbus-eth2/tree/nbc-audit-2020-0
- https://github.com/status-im/nimbus-eth2/tree/nbc-audit-2020-1
- https://github.com/status-im/nimbus-eth2/tree/nbc-audit-2020-2
The audit involved 3 vendors:
- Consensys Diligence: https://consensys.net/diligence/
- NCC: https://www.nccgroup.com/
- Trail of Bits: https://www.trailofbits.com/
Outline
Module | Repository | Audit round | Category |
---|---|---|---|
Wire encryption | nim-crypto, nim-libp2p, nim-bearssl | Round 1 | Network Core Audit |
Ethereum 2 Request/Response protocol | nimbus-eth2, nim-faststreams, nim-serialization | Round 1 | Network Core Audit |
Discovery Protocol (discv5) | nim-eth | Round 1 | Network Core Audit |
SSZ - (De)serialization & tree hashing | nimbus-eth2 | Round 2 | Network Core Audit |
Block/attestation signing | nimbus-eth2, nim-blscurve | Round 2 | Validator Core Audit |
Peer pool management | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
Block Synchronization | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
Fork choice logic | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
Reward processing | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
Eth1 data processing | nimbus-eth2, nim-web3 | Round 2 | ETH2 Specification Core Audit |
Epoch finalisation and justification | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
Signature verification | nimbus-eth2, nim-blscurve | Round 2 | ETH2 Specification Core Audit |
State transition logic | nimbus-eth2 | Round 2 | ETH2 Specification Core Audit |
Publish/Subscribe protocol (gossipsub) | nim-libp2p | Round 4 | Network Core Audit |
Command Line Interface (CLI) | nimbus-eth2, nim-confutils | Round 3 | Validator Core Audit |
RPC API | nimbus-eth2, nim-json-rpc | Round 3 | Validator Core Audit |
Accounts management & key storage | nimbus-eth2 | Round 3 | Validator Core Audit |
Slash-prevention mechanisms | nimbus-eth2 | Round 3 | Validator Core Audit |
Attestation processing and production | nimbus-eth2 | Round 3 | ETH2 Specification Core Audit |
Block processing and production | nimbus-eth2 | Round 3 | ETH2 Specification Core Audit |