P2P §
highlights §
- AutonatV2 development is complete
- Mix code has been merged in nim-libp2p
- Added options in gossipsub to choose whether the Preamble and IDontWant control messages should be sent when publishing a message
- Release v1.13.0
report §
-
vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
- Overview:
maintenance
- Release v1.13.0 of nim-libp2p
- Fixed missing imports in daily job
- Fixed a bug in parameter order when adding Yamux that caused the max possible number of streams per peer to be 256000
- Improvements in Quic on performance, memory usage, and code simplification
flaky-tests
- Reenabled temporarily the hole punching interop tests to investigate reason behind its failures
- Noticed that these tests hardcode the circuit relay server to be rust-libp2p
- Local Unit tests for circuit relay as well as usage of circuit relay in Waku makes us think that the problem is due to the test setup or rust-libp2p
- Due to other priorities, and due to the fact that this same test fails in rust-libp2p CI, we suspended the investigation
go-libp2p-daemon
- Removed the usage of go-libp2p-daemon as part of our unit tests
- It is not maintained
- Functionality is already covered via interop and unit tests
- No need for an additional toolchain, and also improves the CI speed
- Delivered deliverables:
-
vac:p2p:ift:2025q3-nimlibp2p-mix
- Overview:
- Add
exit == destination
as requested by Waku team, hidden under compilation flag
- Finish moving all code from vacp2p/mix into vacp2p/nim-libp2p
- Delivered deliverables:
- Completed tasks:
vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
-
vac:p2p:ift:2025q2-nimlibp2p-autonat-v2
- Overview:
Implemented AutonatV2 protocol suite and service
- Delivered deliverables:
- Completed tasks:
vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:service
vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:interop
vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:client
vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:server
-
misc/admin
Tokenomics §
highlights §
- Worked on market strategy, simulations, and pro-forma for CatsFishing
- Reviewed Karma issuance with live TVL data and maintained the staking demo app.
- Proposed models for dynamic stake for SDP participants, with constant interaction with Nomos team, and developed the first phase of Nomos PoS simulation tool, that encapsulates all Nomos markets.
- Grantico was updated and presented internally. We also made significant improvements over Optimal Control manuscript.
- Further TKE R&D work.
report §
-
vac:tke:ift:catsfishing:ad-hoc
- Overview:
- Created simulations on market expectations for the game, as well as creating a pro-forma of it.
- Did thorough market/user research scraping github and darcaster
- Completed tasks:
vac:tke:ift:catsfishing:ad-hoc:reddit-scrapper
vac:tke:ift:catsfishing:ad-hoc::fc-scrapper
vac:tke:ift:catsfishing:ad-hoc:pro-forma
-
vac:tke:status:karma-incentives
- Overview:
- Initial research into Cyp’s proposed Karma issuance, with the dashboard presenting the model with real TVL data
- Maintenance and minor bug fixes of the staking demo app
- Completed tasks:
vac:tke:status:karma-incentives:staking-dashboard
vac:tke:status:karma-incentives:staking-demo-support
-
vac:tke:nomos:stress-test
- Overview:
- Preliminary research of dynamic stake for SDP participants
- First phase of the development of a comprehensive PoS simulation tool for Nomos
- Completed tasks:
vac:tke:nomos:stress-test:dyn-stake-estimation
vac:tke:nomos:stress-test:review-pos-sims
-
vac:tke:ift:tokenomics-research-forum
- Overview:
- Updated Grantico and presented it internally, gathered feedback
- Significant improvements over Optimal Control paper
- Completed tasks:
vac:tke:ift:tokenomics-research-forum:grantico
QA §
highlights §
- Expanded Status-go functional testing: accounts, connector service, backup/restore, IP change, and RPC service refactoring.
- Improved Status-go test framework: API client, RPC parsing, service refactor, and bug investigations.
- Extended Waku RLN contract tests: edge cases, reentrancy, fuzz/property-based testing.
- Advanced Waku interop testing: Lite protocol stress tests, maintenance fixes, REST/admin APIs, Grafana monitoring, and retro bug handling.
- Completed Nim-libp2p Rendezvous testing with TTL, registration limits, error cases, and discovery manager refactor.
- Progressed Nim-libp2p Gossipsub performance tests with QUIC scenarios and visualization improvements.
- Validated Status Desktop releases (2.35, 2.36), Qt upgrades, Windows CI readiness, new backup-user-data feature, and bug fixes.
- Expanded Status Mobile testing with Appium: framework hooks, recovery/seed phrase flows, and ported multiple tests to e2e_appium.
- Conducted hiring, Q3 retro, and Q4 commitments preparation/merge.
report §
status:2025q3-status-go-functional-testing:accounts
- Overview:
- Implemented service tests (P3–P4), fixed flaky restore, validated account endpoints, logged bug for watch account capacity.
- Delivered Deliverables:
status:2025q3-status-go-functional-testing:connector-service
- Overview:
- Added connector service functional tests.
- Delivered Deliverables:
status:2025q3-status-go-functional-testing:framework-improvements
- Overview:
- Refactored API client, improved RPC handling, fixed IP change tests, replaced request validators with service methods, investigated bugs.
- Delivered Deliverables:
waku:2025q3-interop-testing:maintenance
- Overview:
- Fixed metrics, debugged nightly failures, invalid JSON bug found and logged, retro script fixes merged.
- Delivered Deliverables:
waku:2025q3-interop-testing:liteprotocoltester
- Overview:
- Stress testing with filter/store scripts, Grafana monitoring, Sonda debugging, retro fixes, merged old scripts.
- Delivered Deliverables:
waku:2025q3-rln-smart-contract-testing:edge-cases
- Overview:
- Expanded edge cases, added reentrancy checks, opened fuzz/property-based test expansion.
- Delivered Deliverables:
vac:2025q3-nim-libp2p-testing:rendezvous
- Overview:
- Implemented TTL/limit fixes, added error cases, completed discovery manager refactor, merged final tests.
- Delivered Deliverables:
vac:2025q3-nim-libp2p-testing:gossipsub-performance
- Overview:
- QUIC scenario added, metrics visualizations ongoing.
- Delivered Deliverables:
status:2025q3-status-qa-desktop:maintenance
- Overview:
- Fixed multiple test failures, added Windows CI support, Squish lib tweaks, toggle interaction fixes, backlog clean-up.
- Delivered Deliverables:
status:2025q3-status-qa-desktop:release-testing
- Overview:
- Validated releases 2.35/2.36, debugged sync and toast issues, Windows CI validation, Qt upgrades, nightly reviews, bug triage.
- Delivered Deliverables:
status:2025q3-status-qa-desktop:backup-user-data
- Overview:
- Started new tests and adjustments for backup-user-data feature.
status:2025q3-status-qa-mobile:framework-adjustments
- Overview:
- Built Appium framework hooks, CI integration, fixed Android build, reviewed workflows.
- Delivered Deliverables:
status:2025q3-status-qa-mobile:port-tests
- Overview:
- Ported tests to e2e_appium, added recovery flow, wallet account flows, merged multiple PRs.
- Delivered Deliverables:
admin/misc
- Overview:
- Conducted interviews, managed OOO schedules, prepared/merged Q4 commitments, ran Q3 retro, handled weekly/monthly reports.
- OOO: 26 CC Days
DST §
highlights §
- Changed Nomos local docker compose to decentralized Kubernetes deployment
- Found new issues in nim Mix implementation
- Confirmed JS-Waku setup works in DST experiments
- Nim-libp2p v1.13 report
- Removed cron from DST nim-libp2p node so an external publisher can be used
- Lots of discussions and changes regarding Status peer discovery
report §
admin/misc
:
- Overview:
- 2 CC OOO days
- 1 CC sick leave
- Review candidates for DST position
- DST Monthly report
- Update DST roadmap and Q4 commitments
- Delivered and coordinated machines for ACZ and discussed machine usage for Nescience
- Investigate Status’s solution in status tests to DST scalability benchmarks
- Calls with Waku for RLN task and understand assigment
- Calls with Status to debug discovery details in status-backend
- Attended Logos Barcelona
- DST Retrospective
vac:dst:ift:2025q3-dst-research-destination
- Overview:
- Contiue worked for EF grant
- Delivered deliverables:
- Completed tasks:
vac:dst:ift:2025q3-dst-research-destination:ethereum-foundation
(recurrent)
vac:dst:vac:2025q3-libp2p-evaluation
- Overview:
- New experiments for mix protocol
- Fixed nim build dependencies that caused the Docker image not to build
- Fixed regex nimlibp2p tracers for
dst-changes-main-s2
in analysis scripts
- Fixed auto-sharding and static sharding working/tested in js-waku
- Delivered deliverables:
- Completed tasks:
vac:dst:vac:2025q3-libp2p-evaluation:evaluate-quic-v0.2.9
vac:dst:vac:2025q3-libp2p-evaluation:mix-re-evaluation
vac:dst:vac:2025q3-libp2p-evaluation:regression-testing
(regression)
vac:dst:waku:2025q3-waku-evaluation
- Overview:
- Found issue where jswaku config isn’t applied correctly
- Successfully sent a lightpush message with jswaku running on Kubernetes
- Delivered deliverables:
- Completed tasks:
vac:dst:waku:2025q3-waku-evaluation:js-waku
vac:dst:waku:2025q3-waku-evaluation:js-waku-follow-up
vac:dst:waku:2025q3-waku-theoretical-analysis
- Overview:
- Revisited old waku theoretical analysis
- Delivered deliverables
- Completed tasks:
vac:dst:waku:2025q3-waku-theoretical-analysis:bandwidth
vac:dst:waku:2025q3-waku-theoretical-analysis:message-dissemination
vac:dst:ift:2025q3-dst-tooling
- Overview:
- Created a thorough walkthrough of the building of a k8s deployment in the 10ksim deployment scripts.
- Worked on mix integeration in shadow simulation.
- Implemented building Kubernetes deployment yamls for regression nodes with Python instead of helm
- Added http endpoint to nim-libp2p test node, usable in K8s and Shadow
- Worked on merging mix support in test node.
- Avoiding async calls in publish controller solves the problem
- Delivered deliverables:
- Completed tasks:
vac:dst:ift:2025q3-dst-tooling:general-tooling
(recurring)
vac:dst:ift:2025q3-dst-tooling:nim-libp2p-dst-node-refactor
vac:dst:ift:2025q3-dst-tooling:nim-libp2p-cron-removal
vac:dst:ift:2025q3-dst-tooling:deployment-refactor
vac:dst:ift:2025q3-dst-tooling:nim-libp2p-dst-node-refactor
vac:dst:status:2025q3-status-go-chat-protocol-benchmarks
- Overview:
- Cleanup status benchmark PRs
- Prepare scenarios for relay only
- Lots of back and forth between Status-Waku-DST for resolving issues regarding status peer discovery.
- Delivered deliverables:
- Completed tasks:
vac:dst:status:2025q3-status-go-chat-protocol-benchmarks:cleanup-resources
vac:dst:nomos:2025q3-nomos-scaling
- Overview:
- Coordinate with Nomos regarding the testnet
- Fixed several issues to deploy testnet in K8s
- Converting local Nomos compose.yaml to Kubernetes, to realize the first deploymet
- Delivered deliverables:
- Completed tasks:
vac:dst:nomos:2025q3-nomos-scaling:nomos-deployment-test
SC §
highlights §
- Overhaul of Status Network contracts deployment scripts
- Many new features and capabilities in
Karma
token
report §
ift:2025q3-fv-tools-research
- Researched FV tool alternatives
- Concluded that we’ll go with OS Certora and use the free plan for CI tasks
- Completed tasks
ift:2025q3-fv-tools-research
- Deliverables
- Document summarizing the research
vac:sc:status-l2:2025q3-new-karma-requirements
- Implemented voting capabilities in karma
- Added whitelisting for transfers
- Virtual to actual karma conversion
- Implemented custom airdrop contract for app teams
- Completed tasks
status:2025q3-new-karma-requirements:whitelist-transferability
status:2025q3-new-karma-requirements:design-native-app-distribution-system
status:2025q3-new-karma-requirements:implement-native-app-distribution-system
status:2025q3-new-karma-requirements:documentation
status:2025q3-new-karma-requirements:voting-capabilities
- Deliverables
ACZ §
highlights §
report §
-
ift:2025q3-de-mls-testnet
- Overview:
- Delivered deliverables:
- Completed tasks:
ift:2025q3-de-mls-tesnet:multi-steward-presentation
ift:2025q3-de-mls-tesnet:multi-steward-rfc
ift:2025q3-de-mls-tesnet:consensus-layer
ift:2025q3-de-mls-tesnet:de-mls-maintaining
-
ift:2025q3-zerokit
- Overview:
- Releasing Zerokit v0.9.0
- Having big endian support with zerokit v0.9.0
- Builder pattern for safer PmTreeConfig initialization
- Delivered deliverables:
- Completed tasks:
ift:2025q3-zerokit:pmtree-config-builder
ift:2025q3-zerokit:big-endian-support
ift:2025q3-zerokit:rln-wasm-maintaining
ift:2025q3-zerokit:zerokit-maintaining
ift:2025q3-zerokit:release
-
ift:2025q3-rln-status-l2
- Overview:
- Obtains benchmarks on different machines such as 32 and 128 core CPU
- Maintain and improved the RLN deployment RFC including decentralized slashing and gaschecking.
- Familiarity for the monorepo is obtained especially the prover module integtration.
- More than 1M user support is started.
- Applied optimization to achieve better TPS.
- Delivered deliverables:
- Completed tasks:
ift:2025q3-rln-status-l2:rln-spec-maintain
- `ift:2025q3-rln-status-l2:research-decentralized“
ift:2025q3-rln-status-l2:stress-test
ift:2025q3-rln-status-l2:maintaining
ift:2025q3-rln-status-l2:optimization
-
ift:2025q3-ift-zk-calls
- Overview:
- September IFT ZK Call is conducted
- Delivered deliverables:
- Completed tasks:
ift:2025q3-ift-zk-calls:ift-zk-call-3
-
ift:2025q3-libp2p-mix-testnet
- Overview:
- Delivered deliverables:
- Completed tasks:
ift:2025q3-libp2p-mix-testnet:update-rfc
ift:2025q3-gossipsub-relay-rfc:relay-rfc
ift:2025q3-libp2p-mix-testnet:unexpected-latency
ift:2025q3-libp2p-mix-testnet:consulting-waku-mix
ift:2025q3-libp2p-mix-testnet:multi-surb-design
ift:2025q3-libp2p-mix-testnet:libp2p-mix-repo
-
ift:2025q3-discovery-exploration
- Overview:
- Delivered deliverables:
- Completed tasks:
ift:2025q3-discovery-exploration:exploring
ift:2025q3-discovery-exploration:disc-ng-specs
-
nes:2025q3-nescience-consulting
- Overview:
- Finish to work on deep dive existing project
- Created AMM on NSS document.
- Prepared specification and code base compatibility document.
- Prepared investigation Nomos to deploying NSSA.
- Delivered deliverables:
- Completed tasks:
nes:2025q3-nescience-consulting:dex-research
nes:2025q3-nescience-consulting:privacy-projects-analysis
nes:2025q3-nescience-consulting:nomos-deep-dive
nes:2025q3-nescience-consulting:specs-compat
RFC §
highlights §
- Nomos specs have been merged into the rfc-index.
- Codex roadmap live, confirmed by the Codex team and work is underway.
- Qaku awaiting review.
report §
-
vac:rfc:codex:2025q3-rfc-iteration
- Overview:
- Working on several RFCs - Codex Manifest, DHT and Erasure Coding (still in draft)
- Also reviewing Slot builder (in progress)
- Created a roadmap for Codex on roadmap.vac.dev
- Delivered deliverables:
-
vac:rfc:ift:logos-poc
- Overview:
- Started to deliver the Logos POC RFCs
- Proposal to split them into several RFCs to keep track more easily since the original doc is large
- Finishing first week of October with 3 more RFCs
- Finished Logos Cross Languate Integration, Logos Module Development Guide, Logos Authentication Capability System, Logos SDK Implementation and Logos Specificatiopn
- Delivered deliverables
-
vac:rfc:nomos:2025q3-rfc-iteration
- Overview:
- Nomos specs have been merged into the rfc-index
- Minor fix over the links
- Delivered deliverables:
-
vac:rfc:status:2025q3-rfc-iteration
- Overview:
- Created a plan for the Chat specs for Status and Backend capability
- Delivered deliverables:
-
vac:rfc:waku:2025q3-rfc-iteration:
- Overview:
- Opchan review currently paused. Will get back to it asap.
- Updated a few RFCs that required attention
- Qaku ready for first round of reviews
- Delivered deliverables:
Nim §
highlights §
report §
Security §
highlights §
- Created a signatory onboarding process
- Updated runbook for adding owners to multisig wallets
- Created backup and recovery guidelines and best practices
- Developed a secure communication protocol for treasury ops with crypto assets
- Threat Model for crypto asset management and wallets
- Defined secondary UI to access Safe multisig wallets
- Tested the resilience of the signing process by following a secure communication protocol to identify attacks
- Deployed n8n Security Instance (trial/cloud)
- Removed users no longer needed in Google, Notion and Github
- Finalized identification of Inactive CCs for Google and Notion
- Reviewed and tested recent Status audit fixes to confirm vulnerabilities are fully patched
- Finished Operational Continuity procedures based on Threat Model
- Verified supply chain protections (hash pinning, lockfiles) in CI pipelines
- Reviewed wallet integration PRs for potential misuse of cryptographic primitives and unsafe storage handling
- Worked on the NPM supply chain attacks investigation against the IFT organization and risk analysis
report §
-
ift:2025q3-secure-treasury-management:wallet-policy-update
- Revalidate, update and/or create policies, processes and procedures around web3 security and wallet management
- Output:
- Created a signatory onboarding process
- Updated runbook for adding owners to multisig wallets
- Created backup and recovery guidelines and best practices
- Developed a secure communication protocol for treasury ops with crypto assets
- Tasks:
ift:2025q3-wallet-policy-update:signatory-onboarding-process
ift:2025q3-wallet-policy-update:backup-and-recovery-policy
ift:2025q3-wallet-policy-update:add-owner-to-multisig-runbook
ift:2025q3-wallet-policy-update:secure-communications-protocol
ift:2025q3-wallet-policy-update:submit-new-documentation-to-repos
-
ift:2025q3-secure-treasury-management:continuity-plan-development
- Ensure operational continuity in the Treasury Management process with crypto assets
- Output:
- Defined secondary UI to access Safe multisig wallets (backup and recovery)
- Threat Model for crypto asset management and wallets
- Tasks:
ift:2025q3-continuity-plan-development:secondary-interfaces-to-access-wallets
ift:2025q3-continuity-plan-development:crypto-wallet-threat-modeling
-
ift:2025q3-training-and-awareness-program:web3-security-guidelines
- Provide security guidelines and best practices about web3 and wallet management
- Output:
- Shared web3 news about crime, phishing, malware, hacks and IoC with Finance
- Continued testing the integration of n8n with AI Agents and BlockThreat to feed security news across the org
- Test the resilience of the signing process by defining and following a secure communication protocol
- Tasks:
ift:2025q3-awareness-program:web3-security-essentials
ift:2025q3-security-workflow-automation:feed-web3-news-automatically
ift:2025q3-awareness-program:signing-process-resilience-testing
-
ift:2025q3-security-workflow-automation
- Design, deploy and maintain automated workflows to support critical Security Ops and procedures
- Output:
- Deployed TOTP for authenticating communications in the signing process
- Deployed n8n Security Instance (trial/cloud)
- Etherscan API integration
- Continued workflow development for web3 security alerts (n8n with AI Agent + BlockThreat)
- Tasks:
ift:2025q3-security-automation:automatic-wallet-index-updates
ift:2025q3-security-workflow-automation:feed-web3-news-automatically
-
ift:2025q3-iam-operations
- Mediate access to DeFi protocols and smart contracts to Investment Roles.
- Remove users and groups no longer needed in critical services and apps.
- Output:
- Removed users no longer needed in Google, Notion and Github
- Finalized identification of Inactive CCs for Google and Notion
- Admin audit for Google and Github
- Tasks:
ift:2025q3-iam-operations:remove-unnecessary-users
ift:2025q3-security-automation:access-revalidation
ift:2025q3-iam-operations:admin audit
-
ift:2025q3-incident-response-and-vulnerability-management
- Identify, assess, prioritize, and mitigate security vulnerabilities across the org infrastructure and programs.
- Identify, respond to, and resolve security incidents, with clear communication, ensuring minimal disruption to business operations.
- Output:
- Reconciled STATUS-331/332/333 external reports with wallet/desktop codebase; completed risk assessments
- Investigated GitHub Pages in org repos for phishing content (malicious scripts, forms, or redirects)
- Performed focused code review of Waku PRs addressing reliability and security issues; confirmed test coverage was sufficient
- Manually validated high-severity CodeQL findings in Waku repos; confirmed and annotated true/false positives
- Reviewed Dependabot upgrades for crypto/net libraries; built locally, tested, and approved/held updates with notes
- Check supply chain CVEs for impact, create fixes or mitigation tasks where needed
- Verify supply chain protections (hash pinning, lockfiles) in CI pipelines
- Reviewed and tested recent Status audit fixes to confirm vulnerabilities are fully patched
- Worked on the NPM supply chain attacks investigation against the IFT organization and risk analysis
- Tasks:
ift:2025q3-security-operations:incident-response
ift:2025q3-security-operations:vulnerability-management
ift:2025q3-vulma-and-ir:remediation-tracking
-
ift:2025q3-cicd-security-improvement
/ift:2025q3-threat-modelling-and architecture-design-reviews
- Review security requirements and protocols in the design and architecture of software
- Output:
- Completed deep code review on Status Desktop PRs related to window rendering and navigation handling
- Reviewed wallet integration PRs for potential misuse of cryptographic primitives and unsafe storage handling
- Tested desktop modules for insecure error handling (stack traces, unhandled exceptions) and proposed sanitization patches
- Scan build dependencies (SBOM) to catch any new or unexpected packages
- Tasks:
ift:2025q2-cicd-security-review:status-design-reviews
-
ift:2025q3-finance-workflow-automation
- Develop and/or support with development of new automations for Finance.
- Output:
- Continued improvement lists for finance processes
- Mass PO improvements
- Tasks:
ift:2025q3-finance-automation
Nescience §
Highlights §
Report §