From a858c5ee4cf77b72dea18b0ba4f1d5cde09fb17b Mon Sep 17 00:00:00 2001
From: Nicolas Gailly
Date: Mon, 31 May 2021 09:36:52 +0100
Subject: [PATCH 1/4] Update audit section with reports for SnarkPack

---
 content/appendix/audit_reports.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md
index 32da7c394..0f049eff4 100644
--- a/content/appendix/audit_reports.md
+++ b/content/appendix/audit_reports.md
@@ -33,6 +33,14 @@ This audit covers the implementation of Filecoin's builtin Actors, focusing on t
 
 ## Proofs
 
+### `2021-05-31` SnarkPack audit
+
+Two externals audits have been contracted on the cryptographic part of [SnarkPack](https://eprint.iacr.org/2021/529.pdf), that is used in the [FIP0009](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0009.md):
+- [Report](https://drive.google.com/file/d/1avwxOO6CK_nkX7AVV4P9l6XawNco3-m_/view) from [NCC group](https://www.nccgroup.com/us/)
+- [Report](https://hackmd.io/@LIRa8YONSwKxiRz3cficng/B105no8w_) from Matteo Campanelli, a well known cryptography [researcher](https://www.binarywhales.com/)
+
+One major issue was found in the report by Campanelli where the challenges of each prove commits were not tied to the aggregated proof; this could have led up to malicious miner forge valid aggregated proofs without the individual prove commits. The rest of the issues were of medium to informal severity.
+
 ### `2020-10-20` Filecoin Bellman and BLS Signatures
 
 - Report: [**Filecoin Bellman/BLS Signatures Cryptography Review**](https://research.nccgroup.com/wp-content/uploads/2020/10/NCC_Group_ProtocolLabs_PRLB007_Report_2020-10-20_v1.0.pdf)

From b6b6ffa8090e2e99d3688a1a7adc3da93cfae446 Mon Sep 17 00:00:00 2001
From: Ian Davis
Date: Thu, 31 Oct 2024 15:59:21 +0700
Subject: [PATCH 2/4] Remove broken link to inaccessible security report

---
 content/appendix/audit_reports.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md
index 448a1cdd7..d854a496c 100644
--- a/content/appendix/audit_reports.md
+++ b/content/appendix/audit_reports.md
@@ -57,8 +57,7 @@ This audit covers the implementation of Filecoin's builtin Actors, focusing on t
 
 ### `2021-05-31` SnarkPack audit
 
-Two externals audits have been contracted on the cryptographic part of [SnarkPack](https://eprint.iacr.org/2021/529.pdf), that is used in the [FIP0009](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0009.md):
-- [Report](https://drive.google.com/file/d/1avwxOO6CK_nkX7AVV4P9l6XawNco3-m_/view) from [NCC group](https://www.nccgroup.com/us/)
+An audit was conducted on the cryptographic part of [SnarkPack](https://eprint.iacr.org/2021/529.pdf), that is used in the [FIP0009](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0009.md):
 - [Report](https://hackmd.io/@LIRa8YONSwKxiRz3cficng/B105no8w_) from Matteo Campanelli, a well known cryptography [researcher](https://www.binarywhales.com/)
 
 One major issue was found in the report by Campanelli where the challenges of each prove commits were not tied to the aggregated proof; this could have led up to malicious miner forge valid aggregated proofs without the individual prove commits. The rest of the issues were of medium to informal severity.

From 6b7241df17716ea8e1ed97ed9d9224c306a0325b Mon Sep 17 00:00:00 2001
From: Ian Davis
Date: Thu, 31 Oct 2024 16:16:44 +0700
Subject: [PATCH 3/4] Prettier format

---
 content/appendix/audit_reports.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md
index d854a496c..bf81591b1 100644
--- a/content/appendix/audit_reports.md
+++ b/content/appendix/audit_reports.md
@@ -58,6 +58,7 @@ This audit covers the implementation of Filecoin's builtin Actors, focusing on t
 ### `2021-05-31` SnarkPack audit
 
 An audit was conducted on the cryptographic part of [SnarkPack](https://eprint.iacr.org/2021/529.pdf), that is used in the [FIP0009](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0009.md):
+
 - [Report](https://hackmd.io/@LIRa8YONSwKxiRz3cficng/B105no8w_) from Matteo Campanelli, a well known cryptography [researcher](https://www.binarywhales.com/)
 
 One major issue was found in the report by Campanelli where the challenges of each prove commits were not tied to the aggregated proof; this could have led up to malicious miner forge valid aggregated proofs without the individual prove commits. The rest of the issues were of medium to informal severity.

From 4f85e6a1039f97726f070ac4083de1db9f9bd28f Mon Sep 17 00:00:00 2001
From: Ian Davis
Date: Thu, 31 Oct 2024 16:16:56 +0700
Subject: [PATCH 4/4] Fix husky pre-commit hook

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 6999df601..a18b949f5 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
  "globby": "^11.0.1",
  "graphviz-cli": "^2.0.0",
  "hugo-extended": "^0.113.0",
- "husky": ">=4",
+ "husky": "^4.3.8",
  "jsdom": "^22.1.0",
  "lint-staged": ">=10",
  "np": "^6.5.0",
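Review bot: `"lint-staged": ">=10"` in the trailing context of the package.json hunk keeps the same open-ended range that this commit removes for husky, so an install that does not honour a lockfile can still resolve to any future major of it. lint-staged is presumably what the husky pre-commit hook invokes, which means it runs on every contributor's machine at commit time; bounding it the same way limits what an unreviewed upstream release can change there. Something like `"lint-staged": "^<version currently resolved in the lockfile>"` would match the husky fix. The enclosing dependency object starts and ends outside the hunk, so other `>=` ranges may exist that are not visible here.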