[deprecated] F3 Theory Audits

[deprecated] F3 Theory Audits

Creator

Nicola

Created

Mar 6, 2024 1:52 PM

Background

Targetting nv23, code freeze on 9 May

Audits

External (Least Authority)

Theory + go-f3: starting 11 Mar
Integration: possibly Apr if good lotus-familiar auditor, possibly not happening

Internal

This document
Given timelines, should start ASAP and overlap with external

Internal audit

Team (tentative)

Auditors: Guy, Irene [not involved in design]
Guides: Alejandro, Kuba [involved in design]
Advisor: Nicola

Phases

GossiPBFT (10 days - ASAP)

Phase 1: Review theory

Review liveness and safety
Review security threshold (50+% 30+%)
Review relationship with drand

Phase 2: Review Spec

(2.a) Review FIP https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0086.md
(2.b) Review TLA+?

Currently out of sync. Are we updating TLA+ to match current spec?

Phase 3: F3 integration (GPBFT <> EC) (5 days)

Review changes to the fork rule
Relation with EC

Review changes in EC if any
Review guarantees expected from EC if any

Evaluate failure modes

Analyze edge cases: EC slowdown, GPBFT slowdown

Phase 4: Filecoin-specific attacks (5 days)

Review WindowPoSt apocalypse

Phase 5: Protocol implementation review (go-f3) (5 days - late April)

Good use of randomness, signatures
Potentially bring in someone new (Rod, Masih?)

[Guy - Irene] Meeting Notes, 12 March

Guy’s availability: ~ 2 days in this and the next week
Discussed what is the exact request

Irene’s concern:

what “review theory” means? is there any other doc (beyond the FIP) we need to review?

Guy’s answer: no, likely no other doc

We agree that we should proceed in a similar way to “conference peer review”:

independently read the fip, each one writes comments, concerns (short informal report)
then (~1 week from now), we compare notes and come up with a final report

About the different phases of the audit:

We will start with phase 2 (not phase 1)

(likely phase 1 will not be needed once phase 2 is complete)