Vac R&D Roadmaps and Reports

Search

SearchSearch

2025-06-09 Vac weekly

Jun 09, 2025, 8 min read

Vac 2025/06/09

highlights

  • Finished refactoring the DST analysis codebase, now is more modular and easier to expand for other projects.
  • Implementations of L1/2EthBridge for SN have started.
  • Released Zerokit v0.8.
  • Finalize production version of Security App Catalogue update process

vac:p2p:

  • ift:2025q1-gossipsub-perf-improvements
    • Worked on GossipSub v1.4 production implementation. First PR is here.
      • Still need to add safety strategy (Will need 1-2 days more).
  • vac:p2p:acz:2025q2-acz-consulting:libp2p-mix-consulting
    • Had a pair session with Ben from ACZ going over the libp2p changes for mix.
    • Gave some tips on how to improve the code
    • We went over the publish / receive logic of gossipsub. Suggested to use a set of fixed node keys to make it easier to debug issues with mix
    • Troubleshoot the custom connections PR to see why Gossipsub tests were failing. Found the issue and suggested fix (wrong method signature)
  • vac:p2p:ift:2025q2-nimlibp2p-kad-dht:routing-and-rpc
    • Did a small refactoring over the kad-dht code to separate the concept of keys and peerIds in the routing table
  • vac:p2p:acz:2025q2-acz-consulting:de-mls-consulting
    • Helped publish a new version of zerokit RLN in npm
    • Asked Franck from Waku to grant access to waku’s npm org to Ekaterina so she can publish new versions herself and not blocked by this
  • vac:p2p:ift:2025q2-nimlibp2p-maintenance:maintenance
    • investigated nim-libp2p#1367: hole punching interop tests stopped working
      • was able to run hp tests locally, with suprisngly small effort
      • no other libp2p implementation has this implemented and working
        • rust have this tests but are failing
        • other implementations don’t have these tests
      • notified libp2p discord communiti; raising concerns
      • suggestion: to postpone with futher efforts on making this work untill tests are fixed or there is some other implementation with working tests
    • chore(gossipsub): add consts nim-libp2p#1447
    • fix(ci-daily): delete cache action will continue on error nim-libp2p#1435
    • work on libp2p/test-plans
      • implemented libp2p perf for nim
      • add nim-libp2p impl for hole punching libp2p/test-plans#322
        • should postpone effrot untill #1367 is fixed
    • roadmap#174 wrote the universal connectivity app commitment for the roadmap
    • Worked with Ivan from Waku on nim-libp2p#1438
      • The purpose was trying to figure out if a Future was not being completed.
      • Ended up closign the PR due to not understanding correctly the behavior of the connectedFutfuture when writing the PR so the solution was incorrect and not needed
    • libp2p/test-plan#656: update transport-interop to v1.10.x
      • @manushel from libp2p reported the chronicles 0.10.3 / 0.11.0 issue with interop. Ended up creating a PR -
    • nim-libp2p#1439 - Add libp2p_network_bytes metric to Quic
    • Managed to run the prometheus metrics with libp2p. Still trying to figure out what’s up with nim-libp2p memory usage when using quic. I might need to run pprof equivalent for nim, as nim-metrics does not display any useful metric
  • Troubleshoot nim-chronicles breaking things downstream - Spent a lot of time with Ben and Akshaya trying to get couple of projects to compile - In addition to that happening, a related issue affected DST Gossipsub Test Node, not letting the code compile - The problem seems to be happening in nimble and an opened nim-lang/nimble#1403 in nimble repo for @jmgomez
  • vac:p2p:ift:2025q2-nimlibp2p-autotls
    • Started to do peeridauth (this is a nice byproduct of autotls btw) #1445
    • Submitted the AutoTLS Client spec to libp2p #682
    • addressed a couple grammar issues they found
    • vac:p2p:ift:2025q2-nimlibp2p-webtransport:http3-client
    • vac:p2p:ift:2025q2-nimlibp2p-autotls:acme-registration
    • vac:p2p:ift:2025q2-nimlibp2p-autotls:certificate-request-challenge
  • misc/admin:

vac:tke:

vac:qa:

vac:dst:

  • admin/misc
  • vac:dst:ift:2025q2-dst-tooling:analysis-refactor
    • Finished main part of the refactor: Github PR
  • vac:dst:vac:2025q2-libp2p-evaluation:mix-gossipsub
  • vac:dst:ift:2025q2-dst-tooling:adapt-experiments

vac:sc:

vac:acz:

  • ift:2025q2-libp2p-mix-testnet:update-rfc
    • Finalized Section 7; Working on Section 8 out of 10, PR
  • ift:2025q2-libp2p-mix-testnet:nomos-comparison
    • Continued reviewing the Blend Protocol spec; Updated Blend protocol overview on Notion Doc.
  • nes:2025q2-nescience-consulting:light-users
  • acz:nomos:2025q2-nomos-consulting:zk-consulting-nomos-2
  • ift:2025q2-ift-zk-calls:ift-zk-call-3
    • Led zk call and post corresponding forum post.
  • 2025q2-libp2p-mix-testnet:solve-discrepancy
    • Merged structured, feature-flagged logging system PR 25
    • Significant issues with dependency and docker build issues
    • Had detailed syncs with Ben to align on tasks; clarified next steps.
    • PR #1420
      • Incrementally reintroduced changes to isolate and resolve prior GossipSub test and CI failures.
      • Made PR stable and ready for review.
      • Addressed all initial review comments.
      • Working on tests for custom connection logic.
        • Encountering time out error with DummyConnection [WiP].
    • Worked with DST on benchmarking setup; faced dependency issues.
  • ift:2025q2-zerokit:perfomance-updates-blogpost
  • ift:2025q2-rln-status-l2:rpc-node-modification
    • Add test cases for the current modifications to the RPC node (PR)
    • Continue setting up the connection to Linea mainnet on the test machine
  • ift:2025q2-zerokit:release
    • Published new zerokit release. It includes new releases for zerokit-utils and zerokit-wasm
  • ift:2025q2-de-mls-tesnet:consensus-rfc
  • ift:2025q2-de-mls-tesnet:blogpost-de-mls-over-waku
    • Pushed few minor changes into PR
    • Update the PR by changing admin words to steward and it is on review.
  • ift:2025q2-de-mls-tesnet:commit-and-proposal
    • Worked on splitting commit message to proposal and commit message branch
  • ift:2025q2-zerokit:zerokit-maintaining
  • ift:2025q2-rln-status-l2:prover-service
  • admin/misc
    • 1 cc was ooo for 3 days (bank holiday)
    • 1 cc was ooo for 2 days (family care)

vac:nim:

  • ift:2025q1-nimble
    • vNext WIP #1402
      • Allow for installing global url packages
      • Fixes an issue where .babel packages wasnt picking their requires correctly
      • Install root package in the nimble directory when in global (There is an issue with nimble itself)
      • Partial support for uninstall in vnext (to be complete, we need to take into account develop)
      • Progress
      • Support for requires flags. Support for custom actions (aka test)
      • Fixes some tests
      • Dont log the action if not in vnext (it makes some fragile tests to fail)
      • Handles namedBins for the root package. Fixes an issue with install
      • mark as used
      • removes unnecessary echo
    • vnext lock support
    • [WIP] fixes #1403 “Error on nimble install: Cannot satisfy the dependency
    • Review PRs

vac:rfc:

vac:sec:

  • ift:2025q2-signatory-registry-implementation:signatory-inventory-revalidation
    • EOA included
  • ift:2025q2-signatory-registry-implementation:signatory-vault-deployment
    • Started the deployment of a secure vault to store the master signatory db
  • ift:2025q2-signatory-registry-implementation:signatory-data-verification
    • Continued the collection of signatory information
  • ift:2025q2-audit-plan-refinement:smart-contract-testing
    • Designed negative test cases targeting Vault withdrawal and access control logic.
    • Collaborated with the Codex engineering team to review recent Vault optimizations for hidden risks.
    • Automated invariant checks for Vault contract behaviors under simulated high-load conditions.
  • ift:2025q2-cicd-security-review:gha-hardening
    • Worked with remediation plans for unresolved CodeQL issues across top repositories.
    • Audited dependencies flagged by Dependabot for transitive risk and perform validations.
  • ift:2025q2-vulma-and-ir:remediation-tracking
    • Performed a security audit of the Status web architectural changes outlined in status-web (issue#692).
  • ift:2025q2-security-automation: POC for app catalogue update from Expensify
    • Fixed list of fields for App Catalogue, considering incoming data from Expensify
  • ift:2025q2-iam-operations:remove-unnecessary-users
    • Defined a security role for Google Admin to be able to revalidate users and groups
    • Continued investigation of CC removal from Iplicit and Expensify
    • Removed users from Github, Discord and Notion

vac:nes:

Graph View

Backlinks

  • No backlinks found