P2P

highlights

  • AutonatV2 development is complete
  • Mix code has been merged in nim-libp2p
  • Added options in gossipsub to choose whether the Preamble and IDontWant control messages should be sent when publishing a message
  • Release v1.13.0

report

  • vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance

    • Overview:
      • maintenance
        • Release v1.13.0 of nim-libp2p
        • Fixed missing imports in daily job
        • Fixed a bug in parameter order when adding Yamux that caused the max possible number of streams per peer to be 256000
        • Improvements in Quic on performance, memory usage, and code simplification
      • flaky-tests
        • Reenabled temporarily the hole punching interop tests to investigate reason behind its failures
        • Noticed that these tests hardcode the circuit relay server to be rust-libp2p
        • Local Unit tests for circuit relay as well as usage of circuit relay in Waku makes us think that the problem is due to the test setup or rust-libp2p
        • Due to other priorities, and due to the fact that this same test fails in rust-libp2p CI, we suspended the investigation
      • go-libp2p-daemon
        • Removed the usage of go-libp2p-daemon as part of our unit tests
          • It is not maintained
          • Functionality is already covered via interop and unit tests
          • No need for an additional toolchain, and also improves the CI speed
    • Delivered deliverables:
  • vac:p2p:ift:2025q3-nimlibp2p-mix

  • vac:p2p:ift:2025q2-nimlibp2p-autonat-v2

  • misc/admin

    • Overview:
      • 7 OOO days from CCs

Tokenomics

highlights

  • Worked on market strategy, simulations, and pro-forma for CatsFishing
  • Reviewed Karma issuance with live TVL data and maintained the staking demo app.
  • Proposed models for dynamic stake for SDP participants, with constant interaction with Nomos team, and developed the first phase of Nomos PoS simulation tool, that encapsulates all Nomos markets.
  • Grantico was updated and presented internally. We also made significant improvements over Optimal Control manuscript.
  • Further TKE R&D work.

report

  • vac:tke:ift:catsfishing:ad-hoc

    • Overview:
      • Created simulations on market expectations for the game, as well as creating a pro-forma of it.
      • Did thorough market/user research scraping github and darcaster
    • Completed tasks:
      • vac:tke:ift:catsfishing:ad-hoc:reddit-scrapper
      • vac:tke:ift:catsfishing:ad-hoc::fc-scrapper
      • vac:tke:ift:catsfishing:ad-hoc:pro-forma
  • vac:tke:status:karma-incentives

    • Overview:
      • Initial research into Cyp’s proposed Karma issuance, with the dashboard presenting the model with real TVL data
      • Maintenance and minor bug fixes of the staking demo app
    • Completed tasks:
      • vac:tke:status:karma-incentives:staking-dashboard
      • vac:tke:status:karma-incentives:staking-demo-support
  • vac:tke:nomos:stress-test

    • Overview:
      • Preliminary research of dynamic stake for SDP participants
      • First phase of the development of a comprehensive PoS simulation tool for Nomos
    • Completed tasks:
      • vac:tke:nomos:stress-test:dyn-stake-estimation
      • vac:tke:nomos:stress-test:review-pos-sims
  • vac:tke:ift:tokenomics-research-forum

    • Overview:
      • Updated Grantico and presented it internally, gathered feedback
      • Significant improvements over Optimal Control paper
    • Completed tasks:
      • vac:tke:ift:tokenomics-research-forum:grantico

QA

highlights

  • Expanded Status-go functional testing: accounts, connector service, backup/restore, IP change, and RPC service refactoring.
  • Improved Status-go test framework: API client, RPC parsing, service refactor, and bug investigations.
  • Extended Waku RLN contract tests: edge cases, reentrancy, fuzz/property-based testing.
  • Advanced Waku interop testing: Lite protocol stress tests, maintenance fixes, REST/admin APIs, Grafana monitoring, and retro bug handling.
  • Completed Nim-libp2p Rendezvous testing with TTL, registration limits, error cases, and discovery manager refactor.
  • Progressed Nim-libp2p Gossipsub performance tests with QUIC scenarios and visualization improvements.
  • Validated Status Desktop releases (2.35, 2.36), Qt upgrades, Windows CI readiness, new backup-user-data feature, and bug fixes.
  • Expanded Status Mobile testing with Appium: framework hooks, recovery/seed phrase flows, and ported multiple tests to e2e_appium.
  • Conducted hiring, Q3 retro, and Q4 commitments preparation/merge.

report

  • status:2025q3-status-go-functional-testing:accounts
    • Overview:
      • Implemented service tests (P3–P4), fixed flaky restore, validated account endpoints, logged bug for watch account capacity.
    • Delivered Deliverables:
  • status:2025q3-status-go-functional-testing:connector-service
    • Overview:
      • Added connector service functional tests.
    • Delivered Deliverables:
  • status:2025q3-status-go-functional-testing:framework-improvements
    • Overview:
      • Refactored API client, improved RPC handling, fixed IP change tests, replaced request validators with service methods, investigated bugs.
    • Delivered Deliverables:
  • waku:2025q3-interop-testing:maintenance
    • Overview:
      • Fixed metrics, debugged nightly failures, invalid JSON bug found and logged, retro script fixes merged.
    • Delivered Deliverables:
  • waku:2025q3-interop-testing:liteprotocoltester
    • Overview:
      • Stress testing with filter/store scripts, Grafana monitoring, Sonda debugging, retro fixes, merged old scripts.
    • Delivered Deliverables:
  • waku:2025q3-rln-smart-contract-testing:edge-cases
    • Overview:
      • Expanded edge cases, added reentrancy checks, opened fuzz/property-based test expansion.
    • Delivered Deliverables:
  • vac:2025q3-nim-libp2p-testing:rendezvous
    • Overview:
      • Implemented TTL/limit fixes, added error cases, completed discovery manager refactor, merged final tests.
    • Delivered Deliverables:
  • vac:2025q3-nim-libp2p-testing:gossipsub-performance
    • Overview:
      • QUIC scenario added, metrics visualizations ongoing.
    • Delivered Deliverables:
  • status:2025q3-status-qa-desktop:maintenance
    • Overview:
      • Fixed multiple test failures, added Windows CI support, Squish lib tweaks, toggle interaction fixes, backlog clean-up.
    • Delivered Deliverables:
  • status:2025q3-status-qa-desktop:release-testing
    • Overview:
      • Validated releases 2.35/2.36, debugged sync and toast issues, Windows CI validation, Qt upgrades, nightly reviews, bug triage.
    • Delivered Deliverables:
  • status:2025q3-status-qa-desktop:backup-user-data
    • Overview:
      • Started new tests and adjustments for backup-user-data feature.
  • status:2025q3-status-qa-mobile:framework-adjustments
    • Overview:
      • Built Appium framework hooks, CI integration, fixed Android build, reviewed workflows.
    • Delivered Deliverables:
  • status:2025q3-status-qa-mobile:port-tests
    • Overview:
      • Ported tests to e2e_appium, added recovery flow, wallet account flows, merged multiple PRs.
    • Delivered Deliverables:
  • admin/misc
    • Overview:
      • Conducted interviews, managed OOO schedules, prepared/merged Q4 commitments, ran Q3 retro, handled weekly/monthly reports.
      • OOO: 26 CC Days

DST

highlights

  • Changed Nomos local docker compose to decentralized Kubernetes deployment
  • Found new issues in nim Mix implementation
  • Confirmed JS-Waku setup works in DST experiments
  • Nim-libp2p v1.13 report
  • Removed cron from DST nim-libp2p node so an external publisher can be used
  • Lots of discussions and changes regarding Status peer discovery

report

  • admin/misc:
    • Overview:
      • 2 CC OOO days
      • 1 CC sick leave
      • Review candidates for DST position
      • DST Monthly report
      • Update DST roadmap and Q4 commitments
      • Delivered and coordinated machines for ACZ and discussed machine usage for Nescience
      • Investigate Status’s solution in status tests to DST scalability benchmarks
      • Calls with Waku for RLN task and understand assigment
      • Calls with Status to debug discovery details in status-backend
      • Attended Logos Barcelona
      • DST Retrospective
  • vac:dst:ift:2025q3-dst-research-destination
    • Overview:
      • Contiue worked for EF grant
    • Delivered deliverables:
      • No deliverables
    • Completed tasks:
      • vac:dst:ift:2025q3-dst-research-destination:ethereum-foundation (recurrent)
  • vac:dst:vac:2025q3-libp2p-evaluation
    • Overview:
      • New experiments for mix protocol
      • Fixed nim build dependencies that caused the Docker image not to build
      • Fixed regex nimlibp2p tracers for dst-changes-main-s2 in analysis scripts
      • Fixed auto-sharding and static sharding working/tested in js-waku
    • Delivered deliverables:
    • Completed tasks:
      • vac:dst:vac:2025q3-libp2p-evaluation:evaluate-quic-v0.2.9
      • vac:dst:vac:2025q3-libp2p-evaluation:mix-re-evaluation
      • vac:dst:vac:2025q3-libp2p-evaluation:regression-testing (regression)
  • vac:dst:waku:2025q3-waku-evaluation
    • Overview:
      • Found issue where jswaku config isn’t applied correctly
      • Successfully sent a lightpush message with jswaku running on Kubernetes
    • Delivered deliverables:
    • Completed tasks:
      • vac:dst:waku:2025q3-waku-evaluation:js-waku
      • vac:dst:waku:2025q3-waku-evaluation:js-waku-follow-up
  • vac:dst:waku:2025q3-waku-theoretical-analysis
    • Overview:
      • Revisited old waku theoretical analysis
    • Delivered deliverables
    • Completed tasks:
      • vac:dst:waku:2025q3-waku-theoretical-analysis:bandwidth
      • vac:dst:waku:2025q3-waku-theoretical-analysis:message-dissemination
  • vac:dst:ift:2025q3-dst-tooling
  • vac:dst:status:2025q3-status-go-chat-protocol-benchmarks
  • vac:dst:nomos:2025q3-nomos-scaling
    • Overview:
      • Coordinate with Nomos regarding the testnet
      • Fixed several issues to deploy testnet in K8s
      • Converting local Nomos compose.yaml to Kubernetes, to realize the first deploymet
    • Delivered deliverables:
    • Completed tasks:
      • vac:dst:nomos:2025q3-nomos-scaling:nomos-deployment-test

SC

highlights

  • Overhaul of Status Network contracts deployment scripts
  • Many new features and capabilities in Karma token

report

  • ift:2025q3-fv-tools-research
    • Researched FV tool alternatives
    • Concluded that we’ll go with OS Certora and use the free plan for CI tasks
    • Completed tasks
      • ift:2025q3-fv-tools-research
    • Deliverables
      • Document summarizing the research
  • vac:sc:status-l2:2025q3-new-karma-requirements
    • Implemented voting capabilities in karma
    • Added whitelisting for transfers
    • Virtual to actual karma conversion
    • Implemented custom airdrop contract for app teams
    • Completed tasks
      • status:2025q3-new-karma-requirements:whitelist-transferability
      • status:2025q3-new-karma-requirements:design-native-app-distribution-system
      • status:2025q3-new-karma-requirements:implement-native-app-distribution-system
      • status:2025q3-new-karma-requirements:documentation
      • status:2025q3-new-karma-requirements:voting-capabilities
    • Deliverables

ACZ

highlights

report

RFC

highlights

  • Nomos specs have been merged into the rfc-index.
  • Codex roadmap live, confirmed by the Codex team and work is underway.
  • Qaku awaiting review.

report

Nim

highlights

report

Security

highlights

  • Created a signatory onboarding process
  • Updated runbook for adding owners to multisig wallets
  • Created backup and recovery guidelines and best practices
  • Developed a secure communication protocol for treasury ops with crypto assets
  • Threat Model for crypto asset management and wallets
  • Defined secondary UI to access Safe multisig wallets
  • Tested the resilience of the signing process by following a secure communication protocol to identify attacks
  • Deployed n8n Security Instance (trial/cloud)
  • Removed users no longer needed in Google, Notion and Github
  • Finalized identification of Inactive CCs for Google and Notion
  • Reviewed and tested recent Status audit fixes to confirm vulnerabilities are fully patched
  • Finished Operational Continuity procedures based on Threat Model
  • Verified supply chain protections (hash pinning, lockfiles) in CI pipelines
  • Reviewed wallet integration PRs for potential misuse of cryptographic primitives and unsafe storage handling
  • Worked on the NPM supply chain attacks investigation against the IFT organization and risk analysis

report

  • ift:2025q3-secure-treasury-management:wallet-policy-update

    • Revalidate, update and/or create policies, processes and procedures around web3 security and wallet management
    • Output:
      • Created a signatory onboarding process
      • Updated runbook for adding owners to multisig wallets
      • Created backup and recovery guidelines and best practices
      • Developed a secure communication protocol for treasury ops with crypto assets
    • Tasks:
      • ift:2025q3-wallet-policy-update:signatory-onboarding-process
      • ift:2025q3-wallet-policy-update:backup-and-recovery-policy
      • ift:2025q3-wallet-policy-update:add-owner-to-multisig-runbook
      • ift:2025q3-wallet-policy-update:secure-communications-protocol
      • ift:2025q3-wallet-policy-update:submit-new-documentation-to-repos
  • ift:2025q3-secure-treasury-management:continuity-plan-development

    • Ensure operational continuity in the Treasury Management process with crypto assets
    • Output:
      • Defined secondary UI to access Safe multisig wallets (backup and recovery)
      • Threat Model for crypto asset management and wallets
    • Tasks:
      • ift:2025q3-continuity-plan-development:secondary-interfaces-to-access-wallets
      • ift:2025q3-continuity-plan-development:crypto-wallet-threat-modeling
  • ift:2025q3-training-and-awareness-program:web3-security-guidelines

    • Provide security guidelines and best practices about web3 and wallet management
    • Output:
      • Shared web3 news about crime, phishing, malware, hacks and IoC with Finance
      • Continued testing the integration of n8n with AI Agents and BlockThreat to feed security news across the org
      • Test the resilience of the signing process by defining and following a secure communication protocol
    • Tasks:
      • ift:2025q3-awareness-program:web3-security-essentials
      • ift:2025q3-security-workflow-automation:feed-web3-news-automatically
      • ift:2025q3-awareness-program:signing-process-resilience-testing
  • ift:2025q3-security-workflow-automation

    • Design, deploy and maintain automated workflows to support critical Security Ops and procedures
    • Output:
      • Deployed TOTP for authenticating communications in the signing process
      • Deployed n8n Security Instance (trial/cloud)
      • Etherscan API integration
      • Continued workflow development for web3 security alerts (n8n with AI Agent + BlockThreat)
    • Tasks:
      • ift:2025q3-security-automation:automatic-wallet-index-updates
      • ift:2025q3-security-workflow-automation:feed-web3-news-automatically
  • ift:2025q3-iam-operations

    • Mediate access to DeFi protocols and smart contracts to Investment Roles.
    • Remove users and groups no longer needed in critical services and apps.
    • Output:
      • Removed users no longer needed in Google, Notion and Github
      • Finalized identification of Inactive CCs for Google and Notion
      • Admin audit for Google and Github
    • Tasks:
      • ift:2025q3-iam-operations:remove-unnecessary-users
      • ift:2025q3-security-automation:access-revalidation
      • ift:2025q3-iam-operations:admin audit
  • ift:2025q3-incident-response-and-vulnerability-management

    • Identify, assess, prioritize, and mitigate security vulnerabilities across the org infrastructure and programs.
    • Identify, respond to, and resolve security incidents, with clear communication, ensuring minimal disruption to business operations.
    • Output:
      • Reconciled STATUS-331/332/333 external reports with wallet/desktop codebase; completed risk assessments
      • Investigated GitHub Pages in org repos for phishing content (malicious scripts, forms, or redirects)
      • Performed focused code review of Waku PRs addressing reliability and security issues; confirmed test coverage was sufficient
      • Manually validated high-severity CodeQL findings in Waku repos; confirmed and annotated true/false positives
      • Reviewed Dependabot upgrades for crypto/net libraries; built locally, tested, and approved/held updates with notes
      • Check supply chain CVEs for impact, create fixes or mitigation tasks where needed
      • Verify supply chain protections (hash pinning, lockfiles) in CI pipelines
      • Reviewed and tested recent Status audit fixes to confirm vulnerabilities are fully patched
      • Worked on the NPM supply chain attacks investigation against the IFT organization and risk analysis
    • Tasks:
      • ift:2025q3-security-operations:incident-response
      • ift:2025q3-security-operations:vulnerability-management
      • ift:2025q3-vulma-and-ir:remediation-tracking
  • ift:2025q3-cicd-security-improvement/ift:2025q3-threat-modelling-and architecture-design-reviews

    • Review security requirements and protocols in the design and architecture of software
    • Output:
      • Completed deep code review on Status Desktop PRs related to window rendering and navigation handling
      • Reviewed wallet integration PRs for potential misuse of cryptographic primitives and unsafe storage handling
      • Tested desktop modules for insecure error handling (stack traces, unhandled exceptions) and proposed sanitization patches
      • Scan build dependencies (SBOM) to catch any new or unexpected packages
    • Tasks:
      • ift:2025q2-cicd-security-review:status-design-reviews
  • ift:2025q3-finance-workflow-automation

    • Develop and/or support with development of new automations for Finance.
    • Output:
      • Continued improvement lists for finance processes
      • Mass PO improvements
    • Tasks:
      • ift:2025q3-finance-automation

Nescience

Highlights

Report