Creator
Created
Mar 14, 2024 12:42 PM
Resources:
- Spec: FIP-0086
- Design doc:
- Implementation: go-f3
- Roadmap: instagantt
- Targetting nv23, code freeze on 9 May
- Audits
- External (Least Authority)
- Theory + go-f3: starting 11 Mar
- Integration: possibly Apr if good lotus-familiar auditor, possibly not happening
- Internal
- This document
- Given timelines, should start ASAP and overlap with external
Team:
- Auditors: Guy (3h per day for 2 weeks, until 21st march), Irene [not involved in design]
- Guides: Alejandro, Kuba [involved in design]
- Advisor: Nicola
Audit check list
Review FIP (5 days) https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0086.md
Integration (GPBFT <> EC)
Review changes to the fork rule
Review changes in EC if any
Review guarantees expected from EC if any
Evaluate failure modes
Analyze edge cases: EC slowdown, GPBFT slowdown
- Not in scope: “Test cases” section
Review theory (5 days)
Review liveness and safety
Review security threshold (50+% 30+%)
Review relationship with drand
Filecoin-specific attacks (5 days)
Review WindowPoSt apocalypse
- Not in scope in this audit:
- Review TLA+ (currently out of sync).
- Protocol implementation review (go-f3) (5 days - late April)
- Good use of randomness, signatures
- Potentially bring in someone new (Rod, Masih?)