Improve the security of the Avalanche network by auditing, porting and testing its fundamental tools on OpenBSD/adJ
Enhancing Avalanche network security by source code audits, porting tools to OpenBSD/adJ, extensive testing, and collaborating with developers to fix identified issues and improve library security.

We propose to improve the security of the Avalanche network as a whole by:

  1. Auditing the source code of the Avalanche tools and some of the libraries on which they depend. For the audit we will follow the methodology of OpenBSD.

  2. Porting the libraries and the fundamental Avalanche tools to OpenBSD/adJ (at least avalanchego, subnet-evm, coreth, avalanche-network-runner, precompile-evm and avalanche-cli).

  3. Running the tests of the Avalanche tools on OpenBSD/adJ and using the tools in different use cases (including a validator and developing dApps) and with loads as close to production as possible, to discover runtime failures that could point to security flaws.

  4. Reporting the problems found and recommending ways to improve and/or proposing pull requests to fix them.

Up to now we have concentrated more on the porting effort, but it has already borne fruit in improving security:

  • We contributed 3 pull requests with small improvements in portability. They have already been merged into the main Avalanche tools.
  • We contributed one pull request that adds support for OpenBSD to avalanchego. This one is awaiting approval and, hopefully, merging.
  • We helped to improve the security of one library that is central to the Avalanche protocol. The Avalanche protocol depends on the BLS12-381 signature, which in the source code is implemented by the library supranational/blst. Using our methodology we reported a crash of this library on OpenBSD/adJ due to a security feature of that OS (see issue 206). With our feedback the author of blst solved the problem and improved the security of the library with the commits dae1f and 6cca1: a constant table required by the BLS12-381 signature library is now in a section for constants (.rodata), so an attacker cannot modify it after the program starts.
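
A way to check the property described in the last item above, that a constant table sits in memory mapped without write permission, as an added example (not code from blst or the Avalanche tools). It assumes Linux, where /proc/self/maps lists the permissions of each mapping; the two tables and the function name mapping_is_writable are constructed for illustration.

```c
/* Added example. Assumption: Linux, which exposes /proc/self/maps
   (OpenBSD, the OS discussed on this page, does not provide this file). */
#include <stdio.h>
#include <stdint.h>

/* Constructed sample tables standing in for a library's lookup table. */
static const unsigned char const_table[4] = {0x11, 0x22, 0x33, 0x44}; /* .rodata */
unsigned char mutable_table[4] = {0x11, 0x22, 0x33, 0x44};            /* .data   */

/* Returns 1 if addr lies in a writable mapping, 0 if it is mapped without
   write permission, -1 if the address is not found or the map is unreadable. */
int mapping_is_writable(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int result = -1;

    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL) {
        unsigned long start, end;
        char perms[5];

        /* Each entry starts with "start-end perms", e.g. "55d0...-55d1... r--p". */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
            continue;
        if ((uintptr_t)addr >= start && (uintptr_t)addr < end) {
            result = (perms[1] == 'w');
            break;
        }
    }
    fclose(f);
    return result;
}

int main(void)
{
    mutable_table[0] ^= 1; /* a legitimate write: this table really is mutable */
    printf("const_table   writable: %d\n", mapping_is_writable(const_table));
    printf("mutable_table writable: %d\n", mapping_is_writable(mutable_table));
    return 0;
}
```

A table declared without const, or placed by hand in a writable section, reports 1 here; that is the condition an audit would flag.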

With the funding of this project we will carry out a full audit of the sources, complete the porting effort and do more comprehensive testing, so that we keep contributing pull requests and suggestions that improve the security of the Avalanche tools and the libraries they depend on.

Please see details of the results, as we progress, on the project web page.
