Vac R&D Roadmaps and Reports

Search

SearchSearch

2025-08 Vac monthly

Sep 30, 2025, 18 min read

P2P

highlights

  • Mix senders are able to get responses from destination nodes via SURBs
  • Universal Connectivity App work’s been completed
    • Achieved interop between diff implementations
    • Kademlia support will be added once Kademlia commitment is completed so in the meantime, connection to peers must be done manually
  • Release v1.12.0 of nim-libp2p

report

  • vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
    • Overview:
      • Implemented SURBs so senders can receive replies from request/response protocols
      • Refactorings to improve code quality and easier testing by DST
      • Remove exit == destination use case as it is not part of the spec
      • Added support for circuit relay and quic
    • Delivered deliverables:
      • mix#83 chore: add comments to public API
      • mix#81 refactor: remove exit == destination
      • mix#80 feat: mixrunner
      • mix#79 fix: don’t use global variables
      • mix#78 feat: replies
      • mix#73 feat: create SURBs and send response back
      • mix#71 fix: do not encode a delay for last hop
      • mix#70 refactor: remove entry_connection_callbacks and gossipsub related procs
      • mix#69 feat: add support for circuit relay multiaddresses and fixes quic multiaddresses
      • mix#68 feat: Add Single-Use Reply Block (SURB) Functionality
  • vac:p2p:ift:2025q2-nimlibp2p-universal-connectivity-app
    • Overview:
      • Completed the development of the universal connectivity app, with an UI and behavior that matches other implementations
      • Implements also file exchange (which has not been completed yet by other implementations)
      • KadDHT support is still pending as this protocol is still under active development
    • Completed tasks:
      • vac:p2p:ift:2025q2-nimlibp2p-universal-connectivity-app:chat
      • vac:p2p:ift:2025q2-nimlibp2p-universal-connectivity-app:file-exchange
    • Delivered deliverables:
  • vac:p2p:ift:2025q3-nimlibp2p-autonatv2
    • Overview:
      • Completed the development of the server side of the protocol
      • Client side and Service in progress
    • Delivered deliverables:
  • vac:p2p:ift:2025q3-nimlibp2p-kad-dht
    • Overview
      • Implemented PUT_VALUE
      • Refactors and follow up on pending items from FIND_NODE
    • Delivered deliverables:
  • vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
    • Overview: - Release v1.12.0 of nim-libp2p
      • Fixed issue in which a GoAway was being sent when closing a stream, effectively disconnecting all active streams in Yamux
      • Refactoring and code improvements over Quic, removing possible race conditions when transport is closed or EOF is sent
      • Debugging to determine conditions under which sometimes FIN flags are not being sent
      • Enabled Quic transport in unit tests
      • Compile nimbus on daily
      • Fixed transport interop tasks which was failing due to redis dependency
      • Fixed generation of docs for nim-libp2p
    • Delivered deliverables:
  • misc/admin
    • Overview:
      • 9.5 OOO days from CCs

Tokenomics

highlights

  • Karma Incentives: Enhanced the Staking app with a Karma tier system, broader wallet support, improved faucet functionality, and seamless chain switching.
  • Nomos Cryptoeconomics: Produced final specs for the Execution Market, Data Storage Market, Block Rewards, and Minimum Stake for SDP; contributed an overview of Nomos’ cryptoeconomics and updated KPI emission models.
  • Research Contributions: Compiled a resource hub for Tokenomics and DeFi learners and completed a data-driven token valuation study using Random Forest Regression.

report

  • vac:tke:status:karma-incentives

    • Overview:
      • Extented the Staking app with the introduction of the Karma tier system
      • Fixed bugs and added support to more wallets based on public feedback
      • Improved the faucet functionality
      • Added chain check and switching functionality
    • Completed tasks:
      • vac:tke:status:karma-incentives:staking-demo-tiers

  • vac:tke:nomos:stress-test

    • Overview:
      • Delievered final and revised versions of four Cryptoeconomic-related specs for Nomos, namely the Execution Market, the Data Storage Market, the Block Rewards, and the Minimum Stake for the SDP.
      • Assisted Nomos to write an overview document about Cryptoeconomics of Nomos
    • Completed tasks:
      • vac:tke:nomos:stress-test:review-block-rewards
      • vac:tke:nomos:stress-test:review-nomos-da
      • vac:tke:nomos:stress-test:review-stake-estimation
      • vac:tke:nomos:stress-test:review-cryptoeconomics
      • vac:tke:nomos:stress-test:blockspace-target
      • vac:tke:nomos:stress-test:redefine-storage
      • vac:tke:nomos:stress-test:update-kpi-emission
      • vac:tke:nomos:stress-test:improve-blockspace
      • vac:tke:nomos:stress-test:review-blockspace

  • vac:tke:ift:tokenomics-research-forum

    • Overview:
      • Prepared a general, non-exhaustive list of Tokenomics‑ and DeFi‑related links for those willing to learn more about these topics
      • Finalized a data-driven study of token valuation metrics using Random Forest Regression
    • Completed tasks:
      • vac:tke:ift:tokenomics-research-forum:tke-resources
      • vac:tke:ift:tokenomics-research-forum:token-valuation

QA

highlights

  • Implemented onboarding flow tests and expanded accounts service coverage for status-go.
  • Enhanced Waku interop tests: REST APIs, rendezvous discovery, lite protocol, and WakuCannary investigations.
  • Expanded RLN smart contract unit tests with edge-case scenarios and reentrancy protection.
  • Achieved major nim-libp2p testing milestones: performance testing, rendezvous tests, yamux coverage, and pagination fixes.
  • Validated multiple Status Desktop releases, fixed failing tests, added Windows CI support, and improved load-time measurement.
  • Advanced Keycard Shell testing: single-chain, multichain, and new OS version integrations.
  • Launched Status Mobile framework with Appium, seed phrase tests, and accessibility hooks.
  • Conducted hiring activities, interviews, and handled team OOO schedules.

report

  • status:2025q3-status-go-functional-testing:critical-flows
    • Overview:
      • Added onboarding, backup/restore, account creation, and accounts service tests across multiple phases.
      • Logged issues for seed account problems and message delivery failures.
    • Delivered Deliverables:
  • status:2025q3-status-go-functional-testing:framework-improvements
    • Overview:
      • Refactored schema validation and improved test reliability for status-go backend.
    • Delivered Deliverables:
  • waku:2025q3-interop-testing:wakucannary
    • Overview:
      • Developed WebSocket protocol tests, debugged connection issues, logged infra problems.
    • Delivered Deliverables:
  • waku:2025q3-interop-testing:REST-APIs-Extended
    • Overview:
      • Added debug/admin API coverage, log-level tests, and resolved peer connection inconsistencies.
    • Delivered Deliverables:
  • waku:2025q3-interop-testing:rendezvous-peer-discovery
    • Overview:
      • Implemented and debugged peer discovery tests, reported blocking infra issues.
    • Delivered Deliverables:
  • waku:2025q3-interop-testing:liteprotocoltester
    • Overview:
      • Started Store protocol testing using performance scripts and automation.
    • Delivered Deliverables:
  • waku:2025q3-waku-go-bindings-testing:12hlongevity
    • Overview:
      • Enhanced CI scripts, optimized memory usage logging, and filtered flaky tests.
    • Delivered Deliverables:
  • waku:2025q3-rln-smart-contract-testing:edge-cases
    • Overview:
      • Expanded unit tests, added reentrancy protection, addressed edge conditions.
    • Delivered Deliverables:
      • PRs: 31
      • Issues: 32
  • vac:2025q3-nim-libp2p-testing:gossipsub-performance
    • Overview:
      • Merged base scenarios, aggregation scripts, docker stats, and latency history visualization.
    • Delivered Deliverables:
  • vac:2025q3-nim-libp2p-testing:rendezvous
    • Overview:
      • Refactored rendezvous tests, fixed pagination issues, and started new scenario coverage.
    • Delivered Deliverables:
  • vac:2025q3-nim-libp2p-testing:yamux
    • Overview:
      • Added header and frame handling tests before yamux deprecation notice.
    • Delivered Deliverables:
  • keycard:2025q3-keycard-testing:shell-tests
  • status:2025q3-status-qa-desktop:maintenance
    • Overview:
      • Fixed failing tests, added Windows CI support, improved load time measurement, and cleaned backlog.
    • Delivered Deliverables:
  • status:2025q3-status-qa-desktop:release-testing
  • status:2025q3-status-qa-desktop:app-load-time
    • Overview:
      • Added initial wallet loading time measurement tests.
    • Delivered Deliverables:
  • status:2025q3-status-qa-mobile:framework-adjustments
    • Overview:
      • Developed Appium framework, CI integration, accessibility hooks, and recovery phrase fixtures.
    • Delivered Deliverables:
  • status:2025q3-status-qa-documentation:requirements-framework
    • Overview:
      • Built initial data model for headless CMS-based requirements tracking.
  • admin/misc
    • Overview:
      • Managed hiring pipeline, interviews, planning, and OOO scheduling.
    • Delivered Deliverables:
      • OOO: 24 CC Days

DST

highlights

  • Discovered a bug in Grafana thanks fo Infra team
  • Discovered issue in Status functional tests
  • Created docker utility for nwaku interaction
  • Started working on a libp2p cross implementation repository

report

SC

highlights

  • Participated in 2 contests, lots of learnings
  • Moved StatusL2 contract to mono repo
  • Certora alternative research ongoing

report

  • ift:2025q3-security-audits
  • status:2025q3-maintaining-status-contracts
    • Moved StatusL2 related contracts to status network monorepo
    • Implemented various features and fixes in the staking protocol
    • Completed tasks
      • No concrete tasks were planned
    • Deliverables
      • No concrete deliverables were planned
  • ift:2025q3-sc-learnup-sessions
    • Held and recorded learn up session on Understanding Lending protocls
    • Completed tasks
      • ift:2025q3-sc-learnup-sessions:2025-08
    • Deliverables
  • ift:2025q3-fv-tools-research
    • Researched alternatives for Certora as a tool for formal verification
    • Tried out “Kontrol” and ran quickly into issues and limitations
    • Also played around with selfhosted open source version of Certora
    • So far, verdict is to use OSS Certora locally for quick runs and use SaaS for debugging
    • We’re creating a document with the results
    • Completed tasks
      • This is not done, but rather ongoing
    • Deliverables
      • Document with results not yet finished

ACZ

highlights

report

RFC

highlights

  • Merged the first batch of Nomos specs.
  • Started hands-on work on first Codex specs.
  • Started work on Logos POCs.

report

  • vac:rfc:waku:2025q3-rfc-iteration
    • Overview:
      • Work in progress, business as usual: current scope qaku and maintenance of other specs.
      • Created a list of Waku specs for q4: 21/WAKU2-FAULT-TOLERANT-STORE, 34/WAKU2-PEER-EXCHANGE, WAKU2-NOISE-SESSIONS, WAKU2-NOISE
    • Delivered Deliverables:
      • vac:rfc:waku:2025q3-rfc-iteration:rln-keystore
  • vac:rfc:codex:2025q3-rfc-iteration
    • Overview:
      • Started reviewing the new codex specs, right now focus on Slot-builder and DHT
    • Delivered deliverables:
      • WIP
  • `vac:rfc:nomos:2025q3-rfc-iteration
    • Overview:
      • Completed and merged the initial batch of specs, now focusing on full v1.
    • Delivered Deliverables:
      • vac:rfc:nomos:2025q3-rfc-iteration:da-network
      • vac:rfc:nomos:2025q3-rfc-iteration:p2p-network
      • vac:rfc:nomos:2025q3-rfc-iteration:hardware-requirements
      • vac:rfc:nomos:2025q3-rfc-iteration:da-encoding
      • vac:rfc:nomos:2025q3-rfc-iteration:sdp
      • vac:rfc:nomos:2025q3-rfc-iteration:mantle-digital-signature
  • vac:rfc:logos:2025q3-rfc-iteration:logos-pocs
  • admin-misc
    • 1 CC OOO for 10 days.

Nim

highlights

report

Security

highlights

  • Reviewed and updated the Master Wallet Index repository
  • Created a Signing Account Index
  • Reviewed and updated the Multisig Owner Addition Process
  • Removed users and groups no longer needed in critical services and apps
  • Shared web3 news about crime, phishing, malware, hacks and IoC with Finance
  • Started integrating the multisig wallet validator to n8n
  • Finalized workflows and tests for log extraction from Google and Github
  • Finalized workflows for verifying inactive users from Google, Github, Notion, Discord
  • Updated IR runbooks with a “first-hour” response checklist for phishing incidents
  • Conducted a short tabletop exercise with key stakeholders simulating a wallet compromise scenario
  • Investigated new bug bounty submissions with PoC validation against staging environment
  • Wrote and shared mid-cycle summary of remediations (including trends, blockers, progress rate)
  • Performed secure code review on the latest Status wallet PRs focusing on authentication, key management, and storage handling
  • Cross-checked implemented fixes from last quarter’s review against current codebase for regressions

report

  • ift:2025q3-secure-treasury-management:wallet-policy-update

    • Revalidate, update and/or create policies, processes and procedures around web3 security and wallet management
    • Output:
      • Created a Signing Account Index
      • Created a Signatory Onboarding Process (Identity Verification)
      • Reviewed and updated Multisig Owner Addition Process (Signing Accounts)
      • Reviewed and updated the Master Wallet Index reposiroty (Org Wallets Index)
      • Started updating/creating backup and recovery policies and processes
    • Tasks:
      • ift:2025q3-wallet-policy-update:write-and-review-new-version
      • ift:2025q3-wallet-policy-update:backup-and-recovery-policies

  • ift:2025q3-secure-treasury-management:multisig-secondary-interface-deployment

    • Avoid having a unique interface to access multisig wallets and lose access to funds in case of outage of the primary UI
    • Output:
      • Used Onchain Den with real transactions
      • Wrote guidelines and procedures for backup and recovery, including the use of Onchain Den when needed
    • Tasks:
      • ift:2025q3-multisig-secondary-interface-deployment:test-new-interfaces
      • ift:2025q3-multisig-secondary-interface-deployment:write-guides-and-best-practices

  • ift:2025q3-training-and-awareness-program:web3-security-guidelines

    • Provide security guidelines and best practices about web3 and wallet management
    • Output:
      • Prepared web3 education material to be shared across the org (1st wave: Finance and POps)
      • Shared web3 news about crime, phishing, malware, hacks and IoC with Finance
      • Continued testing the integration of n8n with AI Agents and BlockThreat to feed security news across the org
    • Tasks:
      • ift:2025q3-awareness-program:web3-security-essentials
      • ift:2025q3-security-workflow-automation:feed-web3-news-automatically

  • ift:2025q3-security-workflow-automation

    • Design, deploy and maintain automated workflows to support critical Security Ops and procedures
    • Output:
      • Started integrating the multisig wallet validator to n8n
      • Etherscan API integration
      • Started python script inclusion, dependence on Python n8n docker
      • Continue workflow development for web3 security alerts (n8n with AI Agent + BlockThreat)
        • Added social media feeds
        • Tested AI Prompts
    • Tasks:
      • ift:2025q3-security-automation:automatic-wallet-index-updates
      • ift:2025q3-security-workflow-automation:feed-web3-news-automatically

  • ift:2025q3-iam-operations

    • Mediate access to DeFi protocols and smart contracts to Investment Roles
    • Remove users and groups no longer needed in critical services and apps
    • Output:
      • Removed users no longer needed in Github
      • Removed users no longer needed in Google
      • Removed users no longer needed in Notion
      • Finalized workflows and tests for log extraction from Google and Github
      • Finalized workflows and tests for identifying, verifying leavers from systems
      • Finalized workflows for verifying inactive users from Google, Github, Notion, Discord
      • Added reporting and notifications for inactive Notion & Google users
    • Tasks:
      • ift:2025q3-iam-operations:remove-unnecessary-users
      • ift:2025q3-security-automation:access-revalidation

  • ift:2025q3-incident-response-and-vulnerability-management

    • Identify, assess, prioritize, and mitigate security vulnerabilities across the org infrastructure and programs.
    • Identify, respond to, and resolve security incidents, with clear communication, ensuring minimal disruption to business operations.
    • Output:
      • Collected and archived phishing-related artifacts (email headers, wallet activity logs, message history)
      • Performed log correlation analysis to detect possible secondary targets from the SNT phishing incident
      • Run endpoint scans on affected accounts/devices to validate containment of potential compromise
      • Updated IR runbooks with a “first-hour” response checklist for phishing incidents
      • Conducted a short tabletop exercise with key stakeholders simulating a wallet compromise scenario
      • Investigated new bug bounty submissions with PoC validation against staging environment
      • Manually validated top 10 unresolved CodeQL alerts across 3 repos and flag false positives
      • Wrote and shared mid-cycle summary of remediations (including trends, blockers, progress rate)
      • Run a targeted static analysis review for crypto-related vulnerabilities across top repositories
      • Verified recent CodeQL fixes were deployed in production and covered by CI security tests
      • Cross-checked static analysis findings against runtime logs to confirm exploitability
      • Coordinated with repo owners to close at atleast top 5 high/medium security issues by hands-on patch review
    • Tasks:
      • ift:2025q3-security-operations:incident-response
      • ift:2025q3-security-operations:vulnerability-management
      • ift:2025q3-vulma-and-ir:remediation-tracking

  • ift:2025q3-cicd-security-improvement

  • ift:2025q3-threat-modelling-and architecture-design-reviews

    • Review security requirements and protocols in the design and architecture of software
    • Output:
      • Manually traced CI/CD boundaries across top-5 components and linked security gaps (Dependabot/CodeQL)
      • Open tracking issues for each identified architecture concern needing mitigation
      • Performed secure code review on the latest Status wallet PRs focusing on authentication, key management, and storage handling
      • Cross-checked implemented fixes from last quarter’s review against current codebase for regressions
      • Audited CI pipeline secrets usage and validate enforcement of rotation policies
      • Held architecture discussion with Status team on wallet security design and integration boundaries
      • Deep dive secure code review on new Status browser and messaging PRs (focus: encryption, IPC, storage access)
      • Manually tested wallet PRs for insecure key handling or bypass of authentication logic
      • Reviewed CI/CD pipeline configs for provisioned token scopes and improper access permissions
    • Tasks:
      • ift:2025q2-cicd-security-review:status-design-reviews

  • ift:2025q3-finance-workflow-automation

    • Develop and/or support with development of new automations for Finance.
    • Output:
      • Followed-up on changes to Expensify PO process
      • Verified changes in Iplicit API - impact on data synch
      • Continued improvement lists for finance processes
      • Mass PO improvements
    • Tasks:
      • ift:2025q3-finance-automation

Nescience

Highlights

  • Defined NSSA v0.1 protocol specs.
  • Defined NSSA sequencer specs.
  • Worked on R0 encryption demos.
  • Designed Token Program and native token for NSSA.
  • Improved our key protocol.
  • Worked on implementing wallet extraction.
  • 80% of the specs were implemented.
  • 80% of the key protocol was implemented.
  • Result-wise, we have defined and implemented the first version of the specs and improved our code. This Sprint helped us improve our architecture, with the possibility to have a first testnet prior to the deadline.

Report

Graph View

Backlinks

  • No backlinks found