P2P
highlights
- Mix senders are able to get responses from destination nodes via SURBs
- Universal Connectivity App work has been completed
- Achieved interop between different implementations
- Kademlia support will be added once the Kademlia commitment is completed, so in the meantime connection to peers must be done manually
- Release v1.12.0 of nim-libp2p
report
vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
- Overview:
- Implemented SURBs so senders can receive replies from request/response protocols
- Refactorings to improve code quality and ease testing by DST
- Remove `exit == destination` use case as it is not part of the spec
- Added support for circuit relay and quic
- Delivered deliverables:
- mix#83 chore: add comments to public API
- mix#81 refactor: remove `exit == destination`
- mix#80 feat: mixrunner
- mix#79 fix: don’t use global variables
- mix#78 feat: replies
- mix#73 feat: create SURBs and send response back
- mix#71 fix: do not encode a delay for last hop
- mix#70 refactor: remove entry_connection_callbacks and gossipsub related procs
- mix#69 feat: add support for circuit relay multiaddresses and fixes quic multiaddresses
- mix#68 feat: Add Single-Use Reply Block (SURB) Functionality
vac:p2p:ift:2025q2-nimlibp2p-universal-connectivity-app
- Overview:
- Completed the development of the universal connectivity app, with a UI and behavior that match other implementations
- Also implements file exchange (which has not been completed yet by other implementations)
- KadDHT support is still pending as this protocol is still under active development
- Completed tasks:
vac:p2p:ift:2025q2-nimlibp2p-universal-connectivity-app:chat
vac:p2p:ift:2025q2-nimlibp2p-universal-connectivity-app:file-exchange
- Delivered deliverables:
vac:p2p:ift:2025q3-nimlibp2p-autonatv2
- Overview:
- Completed the development of the server side of the protocol
- Client side and Service in progress
- Delivered deliverables:
- nim-libp2p#1637 Message Types
- nim-libp2p#1658 Server
vac:p2p:ift:2025q3-nimlibp2p-kad-dht
- Overview
- Implemented `PUT_VALUE`
- Refactors and follow up on pending items from `FIND_NODE`
- Delivered deliverables:
- nim-libp2p#1624 feat: `PUT_VALUE`
- nim-libp2p#1623 key-refactor to not track hash-state
vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
- Overview:
- Release v1.12.0 of nim-libp2p
- Fixed issue in which a GoAway was being sent when closing a stream, effectively disconnecting all active streams in Yamux
- Refactoring and code improvements over Quic, removing possible race conditions when transport is closed or EOF is sent
- Debugging to determine conditions under which sometimes FIN flags are not being sent
- Enabled Quic transport in unit tests
- Compile nimbus on daily
- Fixed transport interop tasks, which were failing due to a redis dependency
- Fixed generation of docs for nim-libp2p
- Delivered deliverables:
- Maintenance work is being tracked in Maintenance 2025Q3
misc/admin
- Overview:
- 9.5 OOO days from CCs
Tokenomics
highlights
- Karma Incentives: Enhanced the Staking app with a Karma tier system, broader wallet support, improved faucet functionality, and seamless chain switching.
- Nomos Cryptoeconomics: Produced final specs for the Execution Market, Data Storage Market, Block Rewards, and Minimum Stake for SDP; contributed an overview of Nomos’ cryptoeconomics and updated KPI emission models.
- Research Contributions: Compiled a resource hub for Tokenomics and DeFi learners and completed a data-driven token valuation study using Random Forest Regression.
report
vac:tke:status:karma-incentives
- Overview:
- Extended the Staking app with the introduction of the Karma tier system
- Fixed bugs and added support to more wallets based on public feedback
- Improved the faucet functionality
- Added chain check and switching functionality
- Completed tasks:
vac:tke:status:karma-incentives:staking-demo-tiers
vac:tke:nomos:stress-test
- Overview:
- Delivered final and revised versions of four Cryptoeconomic-related specs for Nomos, namely the Execution Market, the Data Storage Market, the Block Rewards, and the Minimum Stake for the SDP.
- Assisted Nomos to write an overview document about Cryptoeconomics of Nomos
- Completed tasks:
vac:tke:nomos:stress-test:review-block-rewards
vac:tke:nomos:stress-test:review-nomos-da
vac:tke:nomos:stress-test:review-stake-estimation
vac:tke:nomos:stress-test:review-cryptoeconomics
vac:tke:nomos:stress-test:blockspace-target
vac:tke:nomos:stress-test:redefine-storage
vac:tke:nomos:stress-test:update-kpi-emission
vac:tke:nomos:stress-test:improve-blockspace
vac:tke:nomos:stress-test:review-blockspace
vac:tke:ift:tokenomics-research-forum
- Overview:
- Prepared a general, non-exhaustive list of Tokenomics‑ and DeFi‑related links for those willing to learn more about these topics
- Finalized a data-driven study of token valuation metrics using Random Forest Regression
- Completed tasks:
vac:tke:ift:tokenomics-research-forum:tke-resources
vac:tke:ift:tokenomics-research-forum:token-valuation
QA
highlights
- Implemented onboarding flow tests and expanded accounts service coverage for `status-go`.
- Enhanced Waku interop tests: REST APIs, rendezvous discovery, lite protocol, and WakuCannary investigations.
- Expanded RLN smart contract unit tests with edge-case scenarios and reentrancy protection.
- Achieved major nim-libp2p testing milestones: performance testing, rendezvous tests, yamux coverage, and pagination fixes.
- Validated multiple Status Desktop releases, fixed failing tests, added Windows CI support, and improved load-time measurement.
- Advanced Keycard Shell testing: single-chain, multichain, and new OS version integrations.
- Launched Status Mobile framework with Appium, seed phrase tests, and accessibility hooks.
- Conducted hiring activities, interviews, and handled team OOO schedules.
report
status:2025q3-status-go-functional-testing:critical-flows
status:2025q3-status-go-functional-testing:framework-improvements
waku:2025q3-interop-testing:wakucannary
waku:2025q3-interop-testing:REST-APIs-Extended
waku:2025q3-interop-testing:rendezvous-peer-discovery
waku:2025q3-interop-testing:liteprotocoltester
- Overview:
- Started Store protocol testing using performance scripts and automation.
- Delivered Deliverables:
- PRs: 135
waku:2025q3-waku-go-bindings-testing:12hlongevity
- Overview:
- Enhanced CI scripts, optimized memory usage logging, and filtered flaky tests.
- Delivered Deliverables:
- PRs: 89
waku:2025q3-rln-smart-contract-testing:edge-cases
vac:2025q3-nim-libp2p-testing:gossipsub-performance
vac:2025q3-nim-libp2p-testing:rendezvous
vac:2025q3-nim-libp2p-testing:yamux
keycard:2025q3-keycard-testing:shell-tests
- Overview:
- Completed single-chain, multichain, and OS v0.10 wallet tests with SLIP39 verification.
- Delivered Deliverables:
status:2025q3-status-qa-desktop:maintenance
status:2025q3-status-qa-desktop:release-testing
status:2025q3-status-qa-desktop:app-load-time
- Overview:
- Added initial wallet loading time measurement tests.
- Delivered Deliverables:
- PRs: 18592
status:2025q3-status-qa-mobile:framework-adjustments
status:2025q3-status-qa-documentation:requirements-framework
- Overview:
- Built initial data model for headless CMS-based requirements tracking.
admin/misc
- Overview:
- Managed hiring pipeline, interviews, planning, and OOO scheduling.
- Delivered Deliverables:
- OOO: 24 CC Days
DST
highlights
- Discovered a bug in Grafana thanks to the Infra team
- Discovered issue in Status functional tests
- Created docker utility for nwaku interaction
- Started working on a libp2p cross implementation repository
report
admin/misc
- Overview
- 2 sick leave days from CCs
- 7 OOO days from CCs
- Meetings with new CC to explain DST workflow
- Cleared Grafana dashboards, discovered Grafana bug with infra team
- Github issue in Grafana repo not created yet because of lack of time.
- Related issues for track:
- Call with Waku for setting Tailscale + Grafana + Victorialogs
- Create DST Github Timeline 2025Q3 for tracking task dates.
- Call with Status from Status to check status scalability
- Discussed several follow ups
- Discovered issues in Status functional tests
- Created lab usage information notion page
- Published research blog on GossipSub improvements comparison
- Created requested VM for ACZ
- Created job description for DevOps
- Call with Codex team
- Discussed differences between both frameworks, and approaches that could be taken
- Created notion document for next steps on the framework
- Coordinate with Nescience to use this machine next week
- Track gossipsub metrics spec draft
- Delivered deliverables
- Closed tasks
- No closed tasks
vac:dst:ift:2025q3-dst-research-destination
- Overview
- Worked on EF proposal:
- Add comparisons of Shadow and Kurtosis. Testground still missing.
- Add another DST CC, and some links with his work
- Answered some doc comments
- Delivered deliverables
- Closed tasks
vac:dst:vac:2025q3-libp2p-evaluation
- Overview
- Regression analysis for nim-libp2p 1.12
- Weird bandwidth patterns helped discover lab instabilities again
- Bandwidth measurements are not accurate because of this
- It can still be confirmed that Quic is not fully stable yet
- Started second Mix analysis
- Delivered deliverables
- Closed tasks
vac:dst:vac:2025q3-libp2p-evaluation:regression-testing
vac:dst:vac:2025q3-libp2p-evaluation:evaluate-quic-v0.2.9
vac:dst:waku:2025q3-waku-evaluation
- Overview
- Analyze discv5 usage from waku. Not as high as initially expected.
- Discovered discrepancies in store protocol when hitting messages endpoint (PEER_DIAL_FAILURE).
- Upgraded `getEnr.tpl` and `getAddress.tpl` so they can be used to generate k8s deployment template for jswaku
- Delivered deliverables
- Closed tasks
vac:dst:waku:2025q3-waku-evaluation:regression-testing
vac:dst:waku:2025q3-waku-evaluation:discv5-feasibility-comparison
vac:dst:waku:2025q3-waku-evaluation:store-dial-failure-followup
vac:dst:waku:2025q3-waku-evaluation:js-waku
vac:dst:waku:2025q3-dst-tooling
- Overview
- Added logging of events to experiments framework and use it to automatically generate time intervals for analysis script
- Changed requirements for uv in 10ksim repo
- Removed unused functionalities
- Improved special character replacement when doing queries
- Update getenr version to support querying different services
- Moved waku request functionalities to a new repository
- Add debug mode for message store requester
- Added Events logging
- Working on shadow integration in workflow
- Shadow test runs with both, docker executable and build method
- Delivered deliverables
- Github PR: Logging events
- Github PR: UV
- Github PR: Better query parsing
- Github PR: Update getenr
- Github PR: msg_retriever debug mode
- Github repo: Pod requester
- Github PR: Events logging
- Github PR: Reorganize repo
- Github PR: Organize experiment output better
- Github PR: BaseExperiment deploy
- Github PR: Events refactor
- Github PR: Add cls.name when registering experiments
- Github repo: libp2p cross-implementation nodes
- Closed tasks
vac:dst:waku:2025q3-dst-tooling:general-tooling
(recurring)vac:dst:ift:2025q3-dst-tooling:python-uv
vac:dst:ift:2025q3-dst-tooling:improve-tooling
vac:dst:ift:2025q3-dst-tooling:shadow-integration-scaffold
vac:dst:ift:2025q3-dst-tooling:workdir-experiments-track
vac:dst:ift:2025q3-dst-tooling:deployment-updates
vac:dst:status:2025q3-status-go-chat-protocol-benchmarks
- Overview
- Status-waku discovered an issue with bootstrapping
- Call with waku to debug issue, and analyzed behavior depending on how waku is connected.
- Confirmed that peers added through `staticnode` argument are not exposed to be discovered even if they have discv5 enabled.
- Discussions and troubleshooting to help status
- Delivered deliverables
- Closed tasks
vac:dst:status:2025q3-status-go-chat-protocol-benchmarks:delay-and-store
SC
highlights
- Participated in 2 contests, lots of learnings
- Moved StatusL2 contract to mono repo
- Certora alternative research ongoing
report
ift:2025q3-security-audits
- Participated in two public audit contests
- Learnings were turned into a learnup session
- Completed tasks
- This is ongoing
- Deliverables
status:2025q3-maintaining-status-contracts
- Moved StatusL2 related contracts to status network monorepo
- Implemented various features and fixes in the staking protocol
- Completed tasks
- No concrete tasks were planned
- Deliverables
- No concrete deliverables were planned
ift:2025q3-sc-learnup-sessions
- Held and recorded learn up session on Understanding Lending protocols
- Completed tasks
ift:2025q3-sc-learnup-sessions:2025-08
- Deliverables
ift:2025q3-fv-tools-research
- Researched alternatives for Certora as a tool for formal verification
- Tried out “Kontrol” and ran quickly into issues and limitations
- Also played around with selfhosted open source version of Certora
- So far, verdict is to use OSS Certora locally for quick runs and use SaaS for debugging
- We’re creating a document with the results
- Completed tasks
- This is not done, but rather ongoing
- Deliverables
- Document with results not yet finished
ACZ
highlights
- Released first version of de-MLS RFC
- Improved CONTRIBUTING.md for zerokit by an external PR
- Released Zerokit performance blog post: Zerokit optimizations: A performance journey
report
ift:2025q3-de-mls-testnet
- Overview:
- Implemented hashlike consensus for de-MLS
- Improved CONTRIBUTING.md for zerokit by an external PR
- Delivered deliverables:
- Completed tasks:
ift:2025q3-zerokit
- Overview:
- Improved CI for zerokit
- Improved parallelism in wasm
- Started to integrate big-endian (BE) support
- Update docs for merkle tree for zerokit
- Released zerokit performance improvement blog post
- Delivered deliverables:
- feat: support feature-specific binary generation PR#326
- feat: add wasm parallel testcase PR#328
- feat: bump rayon version, parallel feature flag PR#4
- feat: resolve overlap between stateless and merkletree feature flags #329
- feat(rln): add big endian support for the whole API #330
- feat(rln-wasm-utils): extracting the generation and hash functions into a separate module #332
- chore: consistent naming and update docs for merkle trees #333
- Zerokit optimizations: A performance journey
- Completed tasks:
ift:2025q3-zerokit:ci-revising
ift:2025q3-zerokit:rln-wasm-maintaining
ift:2025q3-zerokit:merkle-tree-revising
ift:2025q3-rln-status-l2
- Overview:
- Tested smart contract interactions with prover
- Tested e2e functionality
- Maintain rln-prover repo with CI workflow, update Zerokit version
- Began work on stress testing the prover module for shadow benchmarking
- Drafted decentralized slashing document
- Delivered deliverables:
- Test and fix smart contract interaction #24
- Update for new KarmaTiers smart contract #23
- Extend testcase timeout to prevent panic, separate anvil feature for testcase. PR #28
- Use exact zerokit version, move common deps to workspace, remove unused deps to reduce build size PR #30
- Add zeroize support for private key PR #27
- Add throughput measurement for prover benchmark PR #22
- Split unit tests in several new files PR #21
- Decentralized slashing document
- Completed tasks:
ift:2025q3-rln-status-l2:sc-testing
ift:2025q3-rln-status-l2:track-and-monitor
ift:2025q3-rln-status-l2:profiling
ift:2025q3-ift-zk-calls
- Overview:
- August IFT ZK Call was conducted
- Delivered deliverables:
- Completed tasks:
ift:2025q3-ift-zk-calls:ift-zk-call-2
ift:2025q3-libp2p-mix-testnet
- Overview:
- Resuming updating libp2p-mix RFC
- Resuming consulting P2P team
- Identifying the requirements for multi-SURB
- Delivered deliverables:
- Completed tasks:
nes:2025q3-nescience-consulting
- Overview:
- Finished specs for key protocol
- Deliver cosmos-l2-feasibility zone document
- Started to work on deep dive existing project
- Delivered deliverables:
- Completed tasks:
nes:2025q3-nescience-consulting:key-protocol-spec
nes:2025q3-nescience-consulting:cosmos-l2-feasibility
nomos:2025q3-nomos-consulting
- Overview:
- Review Nomos doc for total stake
- Delivered deliverables:
- Completed tasks:
nomos:2025q3-nomos-consulting:zk-consulting-nomos-2
RFC
highlights
- Merged the first batch of Nomos specs.
- Started hands-on work on first Codex specs.
- Started work on Logos POCs.
report
vac:rfc:waku:2025q3-rfc-iteration
- Overview:
- Work in progress, business as usual: current scope qaku and maintenance of other specs.
- Created a list of Waku specs for q4: 21/WAKU2-FAULT-TOLERANT-STORE, 34/WAKU2-PEER-EXCHANGE, WAKU2-NOISE-SESSIONS, WAKU2-NOISE
- Delivered Deliverables:
vac:rfc:waku:2025q3-rfc-iteration:rln-keystore
vac:rfc:codex:2025q3-rfc-iteration
- Overview:
- Started reviewing the new codex specs, right now focus on Slot-builder and DHT
- Delivered deliverables:
- WIP
vac:rfc:nomos:2025q3-rfc-iteration
- Overview:
- Completed and merged the initial batch of specs, now focusing on full v1.
- Delivered Deliverables:
vac:rfc:nomos:2025q3-rfc-iteration:da-network
vac:rfc:nomos:2025q3-rfc-iteration:p2p-network
vac:rfc:nomos:2025q3-rfc-iteration:hardware-requirements
vac:rfc:nomos:2025q3-rfc-iteration:da-encoding
vac:rfc:nomos:2025q3-rfc-iteration:sdp
vac:rfc:nomos:2025q3-rfc-iteration:mantle-digital-signature
vac:rfc:logos:2025q3-rfc-iteration:logos-pocs
- Overview:
- Started reading the documentation and creating a wireframe according to COSS.
- Delivered deliverables:
admin-misc
- 1 CC OOO for 10 days.
Nim
highlights
report
ift:2025q3-nimble
- Overview:
- All work below is towards the road to Nimble version 1.0.0.
- Delivered deliverables:
- https://github.com/nim-lang/nimble/pull/1431
- https://github.com/status-im/nimbus-build-system/pull/106
- https://github.com/nim-lang/nimble/pull/1433
- https://github.com/nim-lang/nimble/pull/1435
- https://github.com/nim-lang/nimble/pull/1436
- https://github.com/nim-lang/nimble/pull/1437
- https://github.com/nim-lang/nimble/pull/1439
- https://github.com/nim-lang/nimble/pull/1440
- https://github.com/nim-lang/nimble/pull/1441
- https://github.com/nim-lang/nimble/pull/1442
- https://github.com/nim-lang/nimble/pull/1443
- https://github.com/nim-lang/nimble/pull/1446
- https://github.com/nim-lang/nimble/pull/1448
- https://github.com/nim-lang/nimble/issues/1449
- https://github.com/nim-lang/nimble/pull/1452
- https://github.com/nim-lang/nimble/pull/1453
- https://github.com/nim-lang/nimble/pull/1457
vac:nim:ift:2025q3-nim-core-libs:nim-cbor-serialization
- Overview:
- New CC joined to work on Nim Core Libs, initial focus on nim-cbor-serialization.
- Setup CI workflow: tests, nph lint
- Added docs, book, examples
- Pluggable bignum support
- Refactored bigints into a plugin
- Added missing `CborRaw` type to parse/write raw CBOR data
- Delivered deliverables:
Security
highlights
- Reviewed and updated the Master Wallet Index repository
- Created a Signing Account Index
- Reviewed and updated the Multisig Owner Addition Process
- Removed users and groups no longer needed in critical services and apps
- Shared web3 news about crime, phishing, malware, hacks and IoC with Finance
- Started integrating the multisig wallet validator to n8n
- Finalized workflows and tests for log extraction from Google and Github
- Finalized workflows for verifying inactive users from Google, Github, Notion, Discord
- Updated IR runbooks with a “first-hour” response checklist for phishing incidents
- Conducted a short tabletop exercise with key stakeholders simulating a wallet compromise scenario
- Investigated new bug bounty submissions with PoC validation against staging environment
- Wrote and shared mid-cycle summary of remediations (including trends, blockers, progress rate)
- Performed secure code review on the latest Status wallet PRs focusing on authentication, key management, and storage handling
- Cross-checked implemented fixes from last quarter’s review against current codebase for regressions
report
ift:2025q3-secure-treasury-management:wallet-policy-update
- Revalidate, update and/or create policies, processes and procedures around web3 security and wallet management
- Output:
- Created a Signing Account Index
- Created a Signatory Onboarding Process (Identity Verification)
- Reviewed and updated Multisig Owner Addition Process (Signing Accounts)
- Reviewed and updated the Master Wallet Index repository (Org Wallets Index)
- Started updating/creating backup and recovery policies and processes
- Tasks:
ift:2025q3-wallet-policy-update:write-and-review-new-version
ift:2025q3-wallet-policy-update:backup-and-recovery-policies
ift:2025q3-secure-treasury-management:multisig-secondary-interface-deployment
- Avoid relying on a single interface to access multisig wallets and losing access to funds in case of an outage of the primary UI
- Output:
- Used Onchain Den with real transactions
- Wrote guidelines and procedures for backup and recovery, including the use of Onchain Den when needed
- Tasks:
ift:2025q3-multisig-secondary-interface-deployment:test-new-interfaces
ift:2025q3-multisig-secondary-interface-deployment:write-guides-and-best-practices
ift:2025q3-training-and-awareness-program:web3-security-guidelines
- Provide security guidelines and best practices about web3 and wallet management
- Output:
- Prepared web3 education material to be shared across the org (1st wave: Finance and POps)
- Shared web3 news about crime, phishing, malware, hacks and IoC with Finance
- Continued testing the integration of n8n with AI Agents and BlockThreat to feed security news across the org
- Tasks:
ift:2025q3-awareness-program:web3-security-essentials
ift:2025q3-security-workflow-automation:feed-web3-news-automatically
ift:2025q3-security-workflow-automation
- Design, deploy and maintain automated workflows to support critical Security Ops and procedures
- Output:
- Started integrating the multisig wallet validator to n8n
- Etherscan API integration
- Started python script inclusion, dependence on Python n8n docker
- Continue workflow development for web3 security alerts (n8n with AI Agent + BlockThreat)
- Added social media feeds
- Tested AI Prompts
- Tasks:
ift:2025q3-security-automation:automatic-wallet-index-updates
ift:2025q3-security-workflow-automation:feed-web3-news-automatically
ift:2025q3-iam-operations
- Mediate access to DeFi protocols and smart contracts to Investment Roles
- Remove users and groups no longer needed in critical services and apps
- Output:
- Removed users no longer needed in Github
- Removed users no longer needed in Google
- Removed users no longer needed in Notion
- Finalized workflows and tests for log extraction from Google and Github
- Finalized workflows and tests for identifying, verifying leavers from systems
- Finalized workflows for verifying inactive users from Google, Github, Notion, Discord
- Added reporting and notifications for inactive Notion & Google users
- Tasks:
ift:2025q3-iam-operations:remove-unnecessary-users
ift:2025q3-security-automation:access-revalidation
ift:2025q3-incident-response-and-vulnerability-management
- Identify, assess, prioritize, and mitigate security vulnerabilities across the org infrastructure and programs.
- Identify, respond to, and resolve security incidents, with clear communication, ensuring minimal disruption to business operations.
- Output:
- Collected and archived phishing-related artifacts (email headers, wallet activity logs, message history)
- Performed log correlation analysis to detect possible secondary targets from the SNT phishing incident
- Ran endpoint scans on affected accounts/devices to validate containment of potential compromise
- Updated IR runbooks with a “first-hour” response checklist for phishing incidents
- Conducted a short tabletop exercise with key stakeholders simulating a wallet compromise scenario
- Investigated new bug bounty submissions with PoC validation against staging environment
- Manually validated top 10 unresolved CodeQL alerts across 3 repos and flagged false positives
- Wrote and shared mid-cycle summary of remediations (including trends, blockers, progress rate)
- Ran a targeted static analysis review for crypto-related vulnerabilities across top repositories
- Verified recent CodeQL fixes were deployed in production and covered by CI security tests
- Cross-checked static analysis findings against runtime logs to confirm exploitability
- Coordinated with repo owners to close at least the top 5 high/medium security issues by hands-on patch review
- Tasks:
ift:2025q3-security-operations:incident-response
ift:2025q3-security-operations:vulnerability-management
ift:2025q3-vulma-and-ir:remediation-tracking
ift:2025q3-cicd-security-improvement
ift:2025q3-threat-modelling-and architecture-design-reviews
- Review security requirements and protocols in the design and architecture of software
- Output:
- Manually traced CI/CD boundaries across top-5 components and linked security gaps (Dependabot/CodeQL)
- Opened tracking issues for each identified architecture concern needing mitigation
- Performed secure code review on the latest Status wallet PRs focusing on authentication, key management, and storage handling
- Cross-checked implemented fixes from last quarter’s review against current codebase for regressions
- Audited CI pipeline secrets usage and validated enforcement of rotation policies
- Held architecture discussion with Status team on wallet security design and integration boundaries
- Deep dive secure code review on new Status browser and messaging PRs (focus: encryption, IPC, storage access)
- Manually tested wallet PRs for insecure key handling or bypass of authentication logic
- Reviewed CI/CD pipeline configs for provisioned token scopes and improper access permissions
- Tasks:
ift:2025q2-cicd-security-review:status-design-reviews
ift:2025q3-finance-workflow-automation
- Develop and/or support with development of new automations for Finance.
- Output:
- Followed-up on changes to Expensify PO process
- Verified changes in Iplicit API - impact on data synch
- Continued improvement lists for finance processes
- Mass PO improvements
- Tasks:
ift:2025q3-finance-automation
Nescience
Highlights
- Defined NSSA v0.1 protocol specs.
- Defined NSSA sequencer specs.
- Worked on R0 encryption demos.
- Designed Token Program and native token for NSSA.
- Improved our key protocol.
- Worked on implementing wallet extraction.
- 80% of the specs were implemented.
- 80% of the key protocol was implemented.
- Result-wise, we have defined and implemented the first version of the specs and improved our code. This Sprint helped us improve our architecture, with the possibility to have a first testnet prior to the deadline.
Report
vac:nes:state-separation-architecture-poc
- Overview:
- Research-wise, we:
- Investigated and defined NSSA v0.1 protocol specs including types, accounts, programs, transactions’ structure, and state transitions.
- Investigated and defined NSSA sequencer specs including the block assembly process, the block structure and types, and the criteria for a well-formed block. All with pseudocode.
- Worked on and implemented different types of cipher stream needed for the protocol using R0, including Chacha20 and Shake256.
- Designed the Token Program for NSSA and native Token. This includes the token creation and supply, the transfer logic, and the account types.
- Drafted a first version of the fee mechanism for NSSA.
- Improved our key protocol by updating some data.
- Engineering-wise, we implemented:
- Node refactor.
- Wallet extraction.
- Structural improvements.
- Protocol public state and private state.
- 80% of the sequencer specs.
- 80% of the key protocol.
- R0 encryption demos.
- List of deliverables (ordered as in task management):
- NSSA v0.1 specs
- Sequencer specs
- Sequencer pseudocode
- Token Program design
- Native token
- Fee mechanism
- Data storage removal and node refactor
- Implement NSSA v0.1 Public State
- Wallet CLI extension
- Structural improvements
- Implement NSSA v0.1 Private State
- Key protocol update public part
- Sequencer specs implementation
- Chacha20 in R0
- Shake256 in R0
- Completed tasks (big tasks):
vac:nes:2025q2:state-separation-architecture-poc:specs
vac:nes:2025q2:state-separation-architecture-poc:swallet
vac:nes:2025q2:state-separation-architecture-poc:token-design
vac:nes:2025q2:state-separation-architecture-poc:specs-impl
vac:nes:2025q2:state-separation-architecture-poc:fee