Improve the security of the Avalanche network by auditing, porting and testing its fundamental tools on OpenBSD/adJ
Enhancing Avalanche network security by source code audits, porting tools to OpenBSD/adJ, extensive testing, and collaborating with developers to fix identified issues and improve library security.

We propose to improve the security of the Avalanche network as a whole by:

  1. Auditing the source code of the Avalanche tools and some of the libraries on which they depend. To audit we will follow the methodology of OpenBSD.

  2. Porting the libraries and the fundamental Avalanche tools to OpenBSD/adJ (at least avalanchego, subnet-evm, coreth, avalanche-network-runner, precompile-evm and avalanche-cli).

  3. Running the tests of the Avalanche tools on OpenBSD/adJ and using the tools in different use cases (including a validator and developing dApps), with loads as close to production as possible, to discover runtime failures that could point to security flaws.

  4. Reporting the problems found and recommending ways to improve and/or proposing Pull Requests to fix them.

So far we have concentrated more on the porting effort, but it has already borne fruit in improving security:

  • We contributed 3 pull requests with small improvements in portability. They have already been merged into the main Avalanche tools.
  • We contributed one pull request that adds support for OpenBSD to avalanchego. This one is awaiting approval and, hopefully, merging.
  • We helped to improve the security of one library that is central to the Avalanche protocol. The Avalanche protocol depends on the BLS12-381 signature, which in the source code is implemented by the library supranational/blst. Using our methodology we reported a crash of this library on OpenBSD/adJ due to a security feature of that OS (see issue 206). With our feedback the author of blst solved the problem and improved the security of the library with the commits dae1f and 6cca1: a constant table required by the BLS12-381 signature library is now in a section for constants (.rodata), which does not allow an attacker to modify it after the program starts.

With the funding of this project we will carry out a full audit of the sources, complete the porting effort and do more integral testing, so that we can keep contributing pull requests and suggestions to improve the security of the Avalanche tools and the libraries that they depend on.

Please see details of the results, as we progress, on the project web page.
