Vac 2025/09/01
highlights
- TKE: all TKE-related docs and specs were approved by Nomos team
- QA: Waku RLN contract edge-case tests expanded with reentrancy protection fix in progress.
- QA: Waku REST API interop tests merged; rendezvous tests blocked pending infra fixes.
- QA: Waku Lite protocol testing started using Zoltan’s scripts for Store protocol.
- QA: Nim-libp2p rendezvous tests refactored and fixed pagination issue.
- QA: Status E2E desktop tests now working on Windows locally; CI support ongoing.
- QA: Working on extending Status Mobile framework with accessibility hooks and seed phrase tests.
- DST: Started working on a libp2p cross implementation repository
- SC: Uncovered and fixed a bunch of security vulnerabilities in `StakeVault`
- ACZ: Announced MLS RFC on X
- ACZ: Release the SN RLN prover benchmark doc regarding prover repo
- RFC: Completed the first draft of qaku rfc
- NES: Finished research Sprint 2 and already started Sprint 3.
vac:p2p:
ift:2025q3-nimlibp2p-mix:mix-core
- mix#78 feat: replies (SURBs)
- mix#79 fix: dont use global variables
- WIP:
- benchmark metrics for DST (requested by @Akshaya to take priority over other mix tasks)
- cleanup reply table for cases in which reply never arrives
ift:2025q3-nimlibp2p-maintenance:maintenance
- nim-libp2p#1645 fix: dont send GoAway for unknown streams and mark streams as closed on conn close
- Issue reported by @Ivansete: streams were not being marked as closed on disconnect
- I noticed that a GoAway was being sent once streams were being closed, causing other active streams to be dropped as well
- nim-libp2p#1647 chore: temporarily disable performance plots from being published
- Issue reported by @arnetheduck: libp2p repository exceeded 500mb
- I’ll ask Infra to setup some storage where we could push the performance reports
ift:2025q3-nimlibp2p-maintenance:maintenance
- more QUIC refactoring and improvements
- resolved issues related to `read()` occasionally locking nim-libp2p#1636
ift:2025q3-nimlibp2p-autonatv2
ift:2025q3-nimlibp2p-autonatv2:client
- Send DialRequest
- Receive DialDataRequest
- Send DialDataResponses
- Receive DialResponse
ift:2025q3-nimlibp2p-autonatv2:server
- Receive DialRequest
- Send DialResponse
- Amplification attack mitigation
- Check observed IP address against chosen IP address
- Send DialDataRequest
- Receive DialDataResponses until requirement is met
- Send DialBack & get DialBackResponse
- Send DialResponse
- Fixed a DialDataResponse bug where the server was not receiving messages from the client
admin/misc
- Helped run Nescience interview for Senior Rust Engineer role
- Close some older PRs and non-relevant issues (still a lot to go, tho)
- Assist in queries related to circuit-relay behavior on waku
vac:tke:
admin/misc
- wrote down the team’s monthly report of deliverables
ift:logos-token::logos-strategy
- addressed team feedback about ecosystem incentivization doc
- ad-hoc research
nomos:stress-test::review-pos-sims
- reviewed the state of our PoS simulation
nomos:stress-test::review-nomos-da
- addressed a few outstanding comments from Alvaro
waku:services-incentive
- finalized reviewing the Service Incentivisation MVP
- continuing research
status:karma-incentives
- closely follow the Karma “emergency fix” and discussion around Karma distribution periods
- fixing bugs in staking demo app
ift:tokenomics-research-forum::grantico
- continuing work in spare time
status:cf
- Work with Matt on GTM
- Finished scraper for product research
ift:tokenomics-research-forum::control
- Kept pushing research on Control Problem
- Reviewed and attended research call
ift:tokenomics-research-forum::token-valuation
- finalized the report
- presented the work at our Research Call
vac:qa:
status:2025q3-status-go-functional-testing:accounts
- Continue with remaining accounts methods
- Move draft PR in review and get it merged
waku:2025q3-rln-smart-contract-testing:edge-cases
waku:2025q3-interop-testing:REST-APIs-Extended
waku:2025q3-interop-testing:rendezvous-peer-discovery
waku:2025q3-interop-testing:liteprotocoltester
vac:2025q3-nim-libp2p-testing:rendezvous
status:2025q3-status-qa-desktop:maintenance
status:2025q3-status-qa-mobile:framework-adjustments
- Hook to expose Qt properties via accessibility framework - in progress
status:2025q3-status-qa-mobile:port-tests
- Started backup seed phrase test implementation
admin/misc
vac:dst:
admin/misc
- Review candidates for DST position
- Got flights to Budapest and informed Pops
- Call with Codex
- Discussed differences between both frameworks, and approaches that could be taken
- Created notion document for next steps on the framework
- Machine for AZC
- Github PR
- Coordinate with Nescience to use this machine next week
- Went over the deployment code and open PRs
- Track and participate in gossipsub metrics spec draft
status:2025q3-status-go-chat-protocol-benchmarks:delay-and-store
- TODO notion document
- Call with Waku to investigate waku connections
- Peers were missing in admin endpoint. Missing information was fixed in nwaku v0.36
- Confirmed that peers added through the `staticnode` argument are not exposed to be discovered even if they have discv5 enabled.
vac:2025q3-libp2p-evaluation:mix-re-evaluation
- Github commit: pwhite/dst-changes-build-fix
- Fix for building Docker image
- Github PR: mix node deployment changes
- Still seeing violations where the first message is seen in the network from a non-exit node (normal gossipsub instead of mixnet route).
- Still seeing a discrepancy in delay with 0 delay 0 jitter for mixnet nodes. Some plots where message delay is less than zero.
- Gathering data sometimes seems to fail.
ift:2025q3-dst-tooling:general-tooling
- Deployment - Workflow
- Made some comments on this. Good discussion going.
- Tried full workflow with mixnet where the analysis script automatically grabs the parameters from experiment output.
ift:2025q3-dst-tooling:shadow-integration-scaffold
- Completed shadow integration for nim-libp2p, new repo created
- Shadow test runs with both the Docker executable and the build method
- Prometheus metrics were failing for large networks with metrics/httpclient.
- Prometheus metrics working fine with curl and staggering (slightly increases simulation time)
- The run script allows using custom configurations
vac:sc:
ift:2025q3-fv-tools-research
- applied Kontrol to some of our Karma tests
- chatting with the Kontrol team to provide feedback on the errors we have running Kontrol on our repo
- tried the opensource version of certora in local
status:2025q2-sn-native-bridge-yield-bearing-module:research-design
- finished importing the Status contracts to the status network monorepo
status:2025q3-maintaining-status-contracts
- Implement fix for lockUntil vulnerability
- Allow for setting rewards when there’s a pending reward period
- Prevent bug that's caused by `StakeVault` being transferable
- Clean up `StakeVault` integrity checks
- Fix vulnerabilities related to `withdraw()` that allow users to withdraw their staked funds while they are locked
- Fix `lockUntil` not being reset during migration
vac:acz:
ift:2025q3-de-mls-tesnet:consensus-layer
- Fully finished real voting, fixed some issues around removing user, added docs for part of the functionality PR
ift:2025q3-libp2p-mix-testnet:update-rfc
ift:2025q3-gossipsub-relay-rfc:relay-rfc
- Completed the GossipSub Relay Protocol RFC PR #178.
ift:2025q3-zerokit:libp2p-mix-repo
- Reviewed PRs #78 and #79.
- Discussed limitations of `exit ≠ destination` with P2P team.
- Documented detailed comparison between `exit == destination` and `exit ≠ destination` in the Notion Page.
- Aligned with team to proceed with `exit ≠ destination` in both RFC and implementation, with security implications captured in Mix RFC.
- Synced with P2P team on implementing logging on the latest branch for benchmarking.
ift:2025q2-zerokit:zerokit-maintaining
ift:2025q3-rln-status-l2:stress-test
nes:2025q3-nescience-consulting:dex-research
ift:2025q3-rln-status-l2:rln-spec-maintain
ift:2025q3-rln-status-l2:maintaining
ift:2025q3-de-mls-tesnet:multi-steward-rfc
- Worked on steward rotation by extracting requirements such as how to determine steward list and todos on malicious steward.
ift:2025q3-de-mls-tesnet:consensus-rfc
- Applied feedback to PR, on final review.
nes:2025q3-nescience-consulting:privacy-projects-analysis
- Review privacy projects vs NSSA document
- Worked on privacy projects vs NSSA document.
admin/misc
- Review RLN think-tank doc
- Look into zk-creds paper for Waku research team credential requirements.
- Responded to Waku’s question about Fractional message transfer
- Provided feedback on FURPs: SN RLN and Zerokit. Due to this, added a question to SN RLN document
- Nescience review (for peer programming interview)
vac:rfc:
codex:2025q3-rfc-iteration
- Started work on rfc for codex DHT
waku:2025q3-rfc-iteration:qaku
admin/misc
vac:sec:
ift:2025q3-wallet-policy-update:write-and-review-new-version
- Tested signing requests and add new signatory procedures
- Pending final review with Finance
ift:2025q3-awareness-program:web3-security-essentials
- Shared web3 news about crime, phishing, malware, hacks and IoC with Finance (Weekly Update)
- Continued working on the integration with n8n
ift:2025q3-multisig-secondary-interface-deployment:write-guides-and-best-practices
- Continued writing the guidelines to use Onchain Den when required
ift:2025q3-wallet-policy-update:backup-and-recovery-policies
- Started updating/creating backup and recovery policies and processes
ift:2025q3-cicd-security-review:status-design-reviews
- Completed secure code review on Status browser and messaging PRs, focusing on encryption, IPC, and storage access
- Manually tested wallet PRs for insecure key handling and authentication bypass risks
- Reviewed CI/CD pipeline configurations for hardcoded secrets and improper access controls
- Validated recently merged fixes through diff-based code review to confirm vulnerabilities were resolved
ift:2025q3-vulma-and-ir:incidents
- Reproduced SNT phishing attack flow in a controlled test environment to validate threat scenarios
- Performed log-based hunts for suspicious wallet activity linked to phishing indicators
- Investigated new bug bounty submissions and validated PoCs against staging
- Verified IR alerting pipeline by simulating phishing indicators across test accounts
ift:2025q3-vulma-and-ir:remediation-tracking
- Manually validated 5 high-severity CodeQL findings, confirming impact through code path analysis
- Reviewed and tested PRs addressing unresolved Dependabot alerts, confirming upgrades locally
- Cross-checked static analysis findings with runtime logs to assess exploitability
- Coordinated with repo owners to close several high/medium security issues via patch review and testing
ift:2025q3-iam-operations:remove-unnecessary-users
- Refactor logic for identifying Inactive CCs in Notion, Github, Google, Discord
- due to Blocker, add a page of Inactive CCs in Notion
- manually run and update Inactive CCs in Notion daily
- all user management processes will refer to the Inactive CCs Notion page
ift:2025q3-security-automation
- Finalized new version of privacy news alert
ift:2025q3-security-automation:automatic-wallet-index-updates
- Started python script inclusion, dependence on Python n8n docker
ift:2025q3-finance-automation
- Pending approval from Finance
- Deploy to prod pending the ending of payments for August
admin/misc
- Interviewed a candidate for the App Sec Engineer position. Moved forward to next stage
vac:nes:
vac:nim:
ift:2025q1-nimble
- Adds support for some `when` expressions in the declarative parser. (https://github.com/nim-lang/nimble/pull/1457)
- Uses `StringTableRef` to hold the defines
- WIP Support for filepath in requires (https://github.com/nim-lang/nimble/pull/1452)
- Reverts “patch” feature
- Builds a filepath package graph
- Prevent deps not pulled from `file://` from having filepath requires
- Adds test case “should not allow filepath deps in a top level package that is not being in development”
- Adds support for “requires” file. When present will parse the requires and add it to the main nimble file.
- Skips root validation
- allows to lock filepaths packages
ift:2025q3-nim-core-libs:nim-cbor-serialization