Vac 2025/09/01 §
highlights §
- QA: Status-backend accounts and connector tests added.
- QA: Status-backend refactored API client.
- QA: Nim-libp2p rendezvous tests expanded with TTL and peer registration limit fixes.
- QA: Status desktop QA: multiple PRs tested for release 2.35; ongoing work to enable Windows CI.
- QA: Status mobile QA: framework hooks added and seed phrase flows in progress.
- SC: Implemented a bunch of new certora rules to harden the
StakeVault
implementation
- ACZ: Release de-MLS blogpost on vac.dev by merging its PR.
vac:p2p: §
vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
- mix#81 refactor: remove exit == destination
- mix#80 feat: mix runner
- mix#83 chore: add comments to public API
- Fix code review items and get PRs merged when possible
vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
- nim-ngtcp2#20 chore: remove nim 1.6 and macos-amd64 support
- nim-ngtcp2#19 chore: make quictls optional
- nim-libp2p#1664 fix: close identify stream without waiting for EOF
- fixes zig-libp2p interop
- however, @arnetheduck’s comment makes me think that the proper fix is to introduce stream resets
vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
- QUIC improvements
- chore: splitRPCMsg improvements nim-libp2p#1665
- Pushed a workaround to nph-action to avoid a bug introduced in the latest reviewdog version. nph-action#1
vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:client
- Rebased and opened PR for it nim-libp2p#1659
- Added tests for amplification attack prevention (with and without)
vac:p2p:ift:2025q3-nimlibp2p-autonat-v2:server
misc/admin
- Monthly report
- Assist in queries about go-waku / nwaku DiscoveryV5 interop not working as nodes are not getting discovered
- 3 CC days off
vac:tke: §
admin
- 1.5 CC day off + 2.5 sick days
vac:tke:nomos:stress-test::review-pos-sims
- developed the backbone of the PoS simulation
vac:tke:nomos:stress-test::review-nomos-da
- reviewed the state of dynamic state estimation (DSE)
- started conversation on requirements for DSE implementation
vac:tke:ift:logos-token::logos-strategy
- reviewed the whole work in view of the call with IFT
vac:tke:waku:services-incentive
- researching direct private payment schemes vs. credential based
vac:tke:status:karma-incentives
- fixing bugs in the staking demo app (e.g. faucet UI)
- continue work on the staking dashboard
- investigate the discrepancy in total Karma in the dashboard
vac:tke:status:cf
- Finished Reddit Scraper, started working on Farcaster one
- Keep working with Matt on GTM
- worked volume sims for pro-forma
- Write down report for CF
- Discuss with Matt
vac:tke:ift:tokenomics-research-forum::token-valuation
- incorporated team’s feedback into the work
vac:tke:ift:tokenomics-research-forum::tke-gpt
- defined the scope and the steps to accomplish this work
vac:tke:ift:tokenomics-research-forum::grantico
- continuing work in spare time
vac:tke:ift:tokenomics-research-forum::control
- Kept pushing reserch on Control Problem
vac:qa: §
status:2025q3-status-go-functional-testing:accounts
status:2025q3-status-go-functional-testing:framework-improvements
waku:2025q3-interop-testing:maintenance
waku:2025q3-rln-smart-contract-testing:edge-cases
waku:2025q3-interop-testing:liteprotocoltester
vac:2025q3-nim-libp2p-testing:rendezvous
status:2025q3-status-go-functional-testing:connector-service
status:2025q3-status-qa-desktop:release-testing
status:2025q3-status-qa-desktop:maintenance
(~51%)
status:2025q3-status-qa-mobile:framework-adjustments
admin/misc
- Interviews with Alejandro, Benjamin, Olena, Stefan
- Monthly QA reports
- Weekly VAC reports
- OOO: 3 cc Day
vac:dst: §
admin/misc
- 1 CC OOO Friday
- 1 CC sick leave Thursday
- Review candidates for DST position
- DST Framework call
- DST Monthly report
- Update DST roadmap (jswaku, nim-libp2p node)
- Delivered and coordinated machines for ACZ and discussed machine usage for Nescience
- Checked CPU usage of the lab and discussed lab refactor with Wings
- Scheduled next weekend (13th-14th)
- Investigate Status’s solution in status tests to DST scalability benchmarks.
- Review Status PRs
vac:dst:ift:2025q3-dst-research-destination:ethereum-foundation
- Contacted protolabs, no answer yet
vac:dst:vac:2025q3-libp2p-evaluation:evaluate-quic-v0.2.9
- Metrics are supposed to work correctly, problems comes from Quic inestability.
vac:dst:vac:2025q3-libp2p-evaluation:mix-re-evaluation
- Made isMix and selfTrigger environment variables
- Using individual Pods to manually configure nodes
- Scrape not working. Need to fix again.
vac:dst:waku:2025q3-waku-evaluation:js-waku
- Call with js-waku
- Found issue where jswaku config isn’t applied correctly
- Everything else for basic (local docker) workflow is working
- Have a plan for changes going forward
vac:dst:ift:2025q3-dst-tooling:general-tooling
- Created a thorough walkthrough of the building of a k8s deployment in the 10ksim deployment scripts.
- Continued discussion and comments on workflow
- Tuesday DST Framework sync call
vac:dst:ift:2025q3-dst-tooling:nim-libp2p-dst-node-refactor
- worked on mix integeration in shadow simulation
- Still facing some issues related to message propagation. Looking into message dissemination mechanism.
vac:sc: §
vac:sc:status-l2:2025q3-new-karma-requirements:voting-capabilities
- adding voting and votes delegation to Karma
vac:sc:status:2025q3-maintaining-status-contracts
- Refactor StakeVault to reuse excess token calculation
- Add certora rule verifying that
ERC20 balance == 0 => depostedBalance == 0
- Refactor
StakeVault
to use MigrationData
for more robust code
- Use CEI pattern in StakeVault
- Fix bug that
withdraw()
doesn’t ensure leave()
is called first
- Add a bunch of certora rules related to
StakeVault.depositedBalance()
to ensure its correctness
admin/misc
- Create new commitments and tasks for new Karma requirements
vac:acz: §
ift:2025q3-de-mls-tesnet:consensus-layer
- Updated tests for main functionality, fixed some small issues that were find during testing PR
ift:2025q3-rln-status-l2:maintaining
- Discussing with team about Epoch / Epoch slice + ddos
- Discussing with team about prover next steps
nes:2025q3-nescience-consulting:specs-compat
- Began specification and code base compatibility. Started compiling notes on code base, and pushed minor PRs to testnet to add comments 112 and 113.
nes:2025q3-nescience-consulting:nomos-deep-dive
- Approved Moudy’s suggestions to Nescience in Nomos document.
ift:2025q3-ift-zk-calls:ift-zk-call-3
- Led September’s zk call on GKR and wrote associated forum post.
ift:2025q3-zerokit:pmtree-config-builder
- Merged this PR(compeleted task).
ift:2025q3-rln-status-l2:stress-test
ift:2025q3-zerokit:zerokit-maintaining
- Fixed a CMake error that caused CI failures.
- Added “no test/benchmark” rules for Draft PRs in CI PR.
- Review PR
- FFI rework PR - WIP
ift:2025q3-rln-status-l2:monorepo-review
ift:2025q3-rln-status-l2:rln-spec-maintain
- Discuss on doc the abusing network detection is not priority right now.
ift:2025q3-de-mls-tesnet:multi-steward-rfc
ift:2025q3-de-mls-tesnet:consensus-rfc
nes:2025q3-nescience-consulting:dex-research
admin/misc
- Release de-MLS blogpost on vac.dev by merging its PR.
- 3 cc is ooo for 1 day
vac:rfc: §
vac:rfc:codex:2025q3-rfc-iteration
- Started work on rfc for codex DHT
vac:rfc:waku:2025q3-rfc-iteration:qaku
admin/misc
vac:sec: §
ift:2025q3-wallet-policy-update:write-and-review-new-version
- Tested antiphishing mechanisms
ift:2025q3-awareness-program:web3-security-essentials
- Shared web3 news about crime, phishing, malware, hacks and IoC with Finance (Weekly Update)
- Continued working on the BlockThreat and n8n integration
ift:2025q3-wallet-policy-update:backup-and-recovery-policies
- Worked on a Threat Model for Crypto asset management
ift:2025q3-cicd-security-review:status-design-reviews
- Reviewed Status Desktop address bar spoofing issue: audited URL parsing/rendering, added homograph/RTL/encoding tests
- Assessed Status Desktop self-DDoS risk: traced IPC/event loop calls, identified retry/fan-out issues, and validated mitigations with load testing
- Searched desktop modules for insecure use of eval/dynamic imports/remote content; suggested safe alternatives and added lint/test coverage
- Validated CI job definitions for secret exposure and artifact tampering; enforced least-privilege tokens and mandatory checks on sensitive PRs
ift:2025q3-vulma-and-ir:incidents
- Reconciled STATUS-331/332/333 external reports with wallet/desktop codebase; completed risk assessments
ift:2025q3-vulma-and-ir:remediation-tracking
- Reproduced and benchmarked top Waku issues; added failing tests and proposed lightweight patches
- Manually validated high-severity CodeQL findings in Waku repos; confirmed and annotated true/false positives
- Reviewed Dependabot upgrades for crypto/net libraries; built locally, tested, and approved/held updates with notes
ift:2025q3-iam-operations:remove-unnecessary-users
- Created Notion page with details of Inactive CCs
- Completed testing for AM Identify for Notion
- Completed testing for AM Identify for Google
- Added Inactive CC channel in Discord for notifications
ift:2025q3-security-automation
- Finalized new version of privacy news alert
ift:2025q3-security-automation:automatic-wallet-index-updates
- Tested Etherscan API integration
ift:2025q3-finance-automation
- Deployed changes to Mass PO in production
- Reviewed and validated proposed changes for Expensify PO
vac:nes: §
-
vac:nes:2025q3:state-separation-architecture-poc:fee
-
vac:nes:2025q3:state-separation-architecture-poc:groth16
-
vac:nes:2025q3:state-separation-architecture-poc:doc
-
state-separation-architecture-poc:specs-impl-2
- Finalized sequencer specs update PR 105
- Started private key protocol update PR 110
- Finished tag computation task (PR and task).
- Finished circuit tests task (PR and task).
-
vac:nes:2025q3:state-separation-architecture-poc:programs
- Finished piñata program task (PR and task)
vac:nim: §
ift:2025q3-nimble
- Adds support for some
when
expressions in the declarative parser. (https://github.com/nim-lang/nimble/pull/1457)
- Adds support some
when
expressions in the declarative parser.
- Uses
StringTableRef
to hold the defines
- WIP Support for filepath in requires (https://github.com/nim-lang/nimble/pull/1452)
- Reverts “patch” feature
- Builds a filepath package graph
- Prevent deps not pulled from
file://
to have filepath requires
- Adds test case “should not allow filepath deps in a top level package that is not being in development”
- Adds support for “requires” file. When present will parse the requires and add it to the main nimble file.
- Skips root validation
- allows to lock filepaths packages
vac:nim:ift:2025q3-nim-core-libs:nim-cbor-serialization