Audit Reports

Audit Reports

Security is a critical component in ensuring Filecoin can fulfill its mission to be the storage network for humanity. In addition to robust secure development processes, trainings, theory audits, and investing in external security research, the Filecoin project has engaged reputable third party auditing specialists to ensure that the theory behind the protocol and its implementation delivers the intended value, enabling Filecoin to be a safe and secure network. This section covers a selection of audit reports that have been published on Filecoin’s theory and implementation.

Lotus

2020-10-20 Lotus Mainnet Ready Security Audit

The scope of this audit covered:

  • The Lotus Daemon: Core component responsible for handling the Blockchain node logic by handling peer- to-peer networking, chain syncing, block validation, data retrieval and transfer, etc.
  • The Lotus Storage Miner: Mining component used to manage a single storage miner by contributing to the network through Sector commitments and Proofs-of-Spacetime data proving it is storing the sectors it has committed to. This component communicates with the Lotus daemon via JSON-RPC API calls.

Actors

2020-10-19 Actors Mainnet Ready Security Audit

This audit covers the implementation of Filecoin’s builtin Actors, focusing on the role of Actors as a core component in the business logic of the Filecoin storage network. The audit process involved a manual review of the Actors code and conducting ongoing reviews of changes to the code during the course of the engagement. Issues uncovered through this process are all tracked in the GitHub repository. All Priority 1 issues have been resolved. Most Priority 2 issues have been resolved - ones that are still open have been determined to not be a risk for the Filecoin network or miner experience. Further details on these and all other issues raised available in the report.

Proofs

2020-10-20 Filecoin Bellman and BLS Signatures

This audit covers the core cryptographic primitives used by the Filecoin Proving subsystem, including BLS signatures, cryptographic arithmetic, pairings, and zk-SNARK operations. The scope of the audit included several repositories (most code is written in rust) - bls-signatures, Filecoin’s bellman, ff, group, paired, and rush-sha2ni.The audit uncovered 1 medium severity issue which has been fixed, and a few other low severity/informational issues (the details of all issues raised and their status at time of publishing are available in the report).

2020-07-28 Filecoin Proving Subsystem

This audit covers the full Proving subsystem, including rust-fil-proofs and filecoin-ffi, through which Proof of Space-Time (PoSt), Proof of Retrievability (PoR), and Proof of Replication (PoRep) are implemented. The audit process included using fuzzing to identify potential vulnerabilities in the subsystem, each of which was resolved (the details of all issues raised and their resolutions are available in the report).

2020-07-28 zk-SNARK proofs

This audit covers the core logic and implementation of the zk-SNARK tree-based proofs-of-replication (including the fork of bellman), as well as the SNARK circuits creation. All issues raised by the audit were resolved.

GossipSub

2020-06-03 GossipSub Design and Implementation

This audit focused specifically on GossipSub, a pubsub protocol built on libp2p, version 1.1, which includes a peer scoring layer to mitigate certain types of attacks that could compromise a network. The audit covered the spec, go-libp2p-pubsub and gossipsub-hardening. The report found 4 issues, primarily in the Peer Scoring that was introduced in v1.1, and includes additional suggestions. All the issues raised in the report have been resolved, and additional details are available in the report linked above.

2020-04-18 GossipSub Evaluation

This evaluation focused on demonstrating that GossipSub is resilient against a range of attacks, capable of recovering the mesh, and can meet the message delivery requirements for Filecoin. Attacks used in testing include the Sybil, Eclipse, Degredation, Censorship, Attack at Dawn, “Cover Flash”, and “Cold Boot” attacks. The spec for v1.1, v1.0 and the reference implementation were in scope for this audit.

Drand

2020-08-09 drand reference implementation Security Audit

This report covers the end-to-end audit carried out on drand, including the implementations found in drand/drand, drand/bls12-381 and drand/kyber. The audit assessed drand’s ability to securely provide a distributed, continuous source of entropy / randomness for Filecoin, and included using fuzzing to find potential leaks, errors, or other panics. A handful of issues were found, 14 of which were marked as issues ranging from low to high risk, all of which have been resolved (the details of all issues raised and their resolutions are available in the report).