_This is a work in progress. Feedback / suggestions etc please provide in the comment field and I will update._
As per 2.2 of Sep 25 Governance meeting, it is desired that Grin undergoes thorough audits by third parties external to the project. The functionality of the protocol and applied cryptography should be reviewed, as well as the actual code of the implementation. Both academic or publicly funded researchers and institutions should be invited to participate, as well as private contractors.
| Name | Accepts crypto? | Requires legal entity to contract? | Quote | Description
|---|---|---|---|---|
|NCC| No | Yes | | Notable projects are ZCash on CTs, Ripple, Google.
| Name | Institution | Area | Status
|---|---|---|---|
Dan Boneh | Stanford | Bulletproofs | Does not have time to help |
@bbuenz | Stanford | Bulletproofs | would like to limit the scope to the implementation of Bulletproofs (using the libsecp library)
@cathieyun | Interstellar, formally Chain | Bulletproofs | would like to limit the scope to the implementation of Bulletproofs (using the libsecp library)
Neha Narula | MIT | Audit best practices | circulating it with her team to see who and what they might be able to help with
Mary Maller | University College London | if her work on zk-SNARKs would translate to helping audit Grin | Replied she's not a developer and does not feel she has the skillset for audits.
Andrew Miller | U of Illinois UC| Dandelion | Too busy
Shailesh Bojja Venkatakrishnan| U of Illinois UC| Dandelion | not too familiar with the actual code, so can't help
**@gfanti | Carnegie Mellon| Dandelion | Too busy, won't be able to help
@EthanHeilman | | | Replied that he does like to do audits but no time these days.
Current wide range is 2 weeks (aggressive) to 3 months (with lots of time).
Current thinking: At least entire repo + supporting secp256k1 libs. Potentially base the audit based off of a branch of T4.
For example DDoS, consensus, hidden inflation, privacy leaks, etc.
How should the auditors present their findings?
Perhaps developers doing an initial brief to auditors and hosting Q&As / walkthroughs?
Are the auditors providing progress updates?
Crowd-fund campaign? Auditors paid in crypto? We raise a lump-sum, or break down audits to granular level? etc.
These are the folks from various universities whom I have contacted to date, for what, and status/comments on each:
I also contacted these companies: TrailofBits, Kudelski Security, NCC Group, Coinspect. The only two I have heard back from are NCC and Coinspect:
Also, because this audit will likely cost a fair penny, I've been socializing it with investors to see if there's interest in donating. I think it would be a good example for investors, especially those in the crypto space, to donate to open-source projects which not only help their portfolio companies but protect their investments.
We need to figure out:
Update on audit firms:
I've added info and a few links from the work various firms have done to help in evaluating which firm(s) to choose. I don't have all the info/estimates from everyone yet and so I'll keep updating as I get info.
Do NOT take crypto. They also need an entity to work with.
DO take crypto but they add a 10% premium to their costs for all crypto payments. They seem quite busy at the moment and it takes multiple pings to get responses. Did audit of bulletproofs for Monero w/Quarkslab.
Estimate ~30 days @ $1650/day ($49.5k). Waiting to hear back on whether they accept crypto. Did audit of bulletproofs for Monero w/Kudelski.
They are scoping to provide an estimate. Do NOT accept crypto. They recommended working with OSTIF (https://ostif.org/) as an intermediary organization - I asked for an intro to OSTIF. Recently completed an audit of theQRL (Quantum Resistant Ledger):
Also, update from a couple individuals:
@bbuenz (Stanford) @cathieyun (Interstellar, formally Chain). I asked if they would be willing to help out on signatures and MMR in addition. They'd like to limit the scope to the implementation of Bulletproofs range proofs (using the libsecp library).
Giulia is swamped and won't be able to help audit Dandelion, unfort.
Shailesh not too familiar with the actual code itself for Dandelion so can't help.
Updated ticket to reflect updates above.
Hi guys, been following the project and donated a bit for the security audit a while back (0.00666500). I can ping Trail of Bits on your behalf. They were accepting crypto as recently as this summer. Not sure if policy has changed.
@anadesousa - sure, if you can ping Trail of Bits for an estimate to do the entire code base + crytolib implementations, that'd be great.
OSTIF (https://ostif.org/) will work as a 3rd party. They charge 10% of the total or $10k (whichever is lower) to facilitate the audit contract and cover wiring & exchange fees. They only have exchange accounts on Kraken & Bittrex and so the crypto for the audit will have to be deposited on one of the two. OSTIF says they also have 6 audit teams at their disposal and can ask each to bid on the project.
If the team can discuss preferences, that would be helpful for me to continue discussions with the various audit organizations:
@Catheryne have an estimate from Trail of Bits @ $120K but I think there's room to negotiate. Can I put you in touch directly?
@anadesousa can you please put me in contact w/Trail of Bits? I'm sending the reduced scope out for bid among all the audit firms. Thanks!
I have sent out the reduced scope for bid to all the above security audit companies. The deadline for submitting time and cost estimate bids is 5p Pacific 11/26/18. Work to begin ASAP.
Re: Trail of Bits, a contact from Ethereum Foundation reached out to Dan (CEO), who wrote:
"I have a small amount of spare capacity I can lend them. I'm planning to submit a proposal to them today. I hope it works out!"
So fingers crossed. 馃
I received one responsive bid yesterday from Quarkslab. I have forwarded to @ignopeverell to take a look.
Trail of bits does not have time for a no-notice security review of a cryptographic product right now - their lead time is 2-3 months. NCC needed to get permission from their public report review board and I'm assuming that didn't happen. X41-dsec wrote back that the timeframe doesn't match their schedule. I did not hear back from Kudelski or LondonCrytoServices.
Hi, the aeternity team put quite some effort into a threat model and also published a full review. Both is published here https://github.com/aeternity/aetmodel maybe it helps you.
Most helpful comment
We need to figure out:
Update on audit firms:
I've added info and a few links from the work various firms have done to help in evaluating which firm(s) to choose. I don't have all the info/estimates from everyone yet and so I'll keep updating as I get info.
NCC
Do NOT take crypto. They also need an entity to work with.
Kudelski
DO take crypto but they add a 10% premium to their costs for all crypto payments. They seem quite busy at the moment and it takes multiple pings to get responses. Did audit of bulletproofs for Monero w/Quarkslab.
Quarkslab
Estimate ~30 days @ $1650/day ($49.5k). Waiting to hear back on whether they accept crypto. Did audit of bulletproofs for Monero w/Kudelski.
x-41-dsec
They are scoping to provide an estimate. Do NOT accept crypto. They recommended working with OSTIF (https://ostif.org/) as an intermediary organization - I asked for an intro to OSTIF. Recently completed an audit of theQRL (Quantum Resistant Ledger):
Also, update from a couple individuals:
@bbuenz (Stanford) @cathieyun (Interstellar, formally Chain). I asked if they would be willing to help out on signatures and MMR in addition. They'd like to limit the scope to the implementation of Bulletproofs range proofs (using the libsecp library).
Giulia is swamped and won't be able to help audit Dandelion, unfort.
Shailesh not too familiar with the actual code itself for Dandelion so can't help.