Vac 2025/09/01

highlights

  • QA: Status-backend accounts and connector tests added.
  • QA: Status-backend refactored API client.
  • QA: Nim-libp2p rendezvous tests expanded with TTL and peer registration limit fixes.
  • QA: Status desktop QA: multiple PRs tested for release 2.35; ongoing work to enable Windows CI.
  • QA: Status mobile QA: framework hooks added and seed phrase flows in progress.
  • SC: Implemented a bunch of new certora rules to harden the StakeVault implementation
  • ACZ: Release de-MLS blogpost on vac.dev by merging its PR.

vac:p2p:

  • vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
    • mix#81 refactor: remove exit == destination
    • mix#80 feat: mix runner
    • mix#83 chore: add comments to public API
    • Fix code review items and get PRs merged when possible
  • vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
    • nim-ngtcp2#20 chore: remove nim 1.6 and macos-amd64 support
    • nim-ngtcp2#19 chore: make quictls optional
    • nim-libp2p#1664 fix: close identify stream without waiting for EOF
      • fixes zig-libp2p interop
      • however, @arnetheduck’s comment makes me think that the proper fix is to introduce stream resets
  • vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
    • QUIC improvements
    • chore: splitRPCMsg improvements nim-libp2p#1665
    • Pushed a workaround to nph-action to avoid a bug introduced in the latest reviewdog version. nph-action#1
  • vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:client
    • Rebased and opened PR for it nim-libp2p#1659
    • Added tests for amplification attack prevention (with and without)
  • vac:p2p:ift:2025q3-nimlibp2p-autonat-v2:server
  • misc/admin
    • Monthly report
    • Assist in queries about go-waku / nwaku DiscoveryV5 interop not working as nodes are not getting discovered
    • 3 CC days off

vac:tke:

  • admin
    • 1.5 CC day off + 2.5 sick days
  • vac:tke:nomos:stress-test::review-pos-sims
    • developed the backbone of the PoS simulation
  • vac:tke:nomos:stress-test::review-nomos-da
    • reviewed the state of dynamic state estimation (DSE)
    • started conversation on requirements for DSE implementation
  • vac:tke:ift:logos-token::logos-strategy
    • reviewed the whole work in view of the call with IFT
  • vac:tke:waku:services-incentive
    • researching direct private payment schemes vs. credential based
  • vac:tke:status:karma-incentives
    • fixing bugs in the staking demo app (e.g. faucet UI)
    • continue work on the staking dashboard
    • investigate the discrepancy in total Karma in the dashboard
  • vac:tke:status:cf
    • Finished Reddit Scraper, started working on Farcaster one
    • Keep working with Matt on GTM
    • worked volume sims for pro-forma
    • Write down report for CF
    • Discuss with Matt
  • vac:tke:ift:tokenomics-research-forum::token-valuation
    • incorporated team’s feedback into the work
  • vac:tke:ift:tokenomics-research-forum::tke-gpt
    • defined the scope and the steps to accomplish this work
  • vac:tke:ift:tokenomics-research-forum::grantico
    • continuing work in spare time
  • vac:tke:ift:tokenomics-research-forum::control
    • Kept pushing reserch on Control Problem

vac:qa:

vac:dst:

  • admin/misc
    • 1 CC OOO Friday
    • 1 CC sick leave Thursday
    • Review candidates for DST position
    • DST Framework call
    • DST Monthly report
    • Update DST roadmap (jswaku, nim-libp2p node)
    • Delivered and coordinated machines for ACZ and discussed machine usage for Nescience
      • Checked CPU usage of the lab and discussed lab refactor with Wings
      • Scheduled next weekend (13th-14th)
    • Investigate Status’s solution in status tests to DST scalability benchmarks.
    • Review Status PRs
  • vac:dst:ift:2025q3-dst-research-destination:ethereum-foundation
    • Contacted protolabs, no answer yet
  • vac:dst:vac:2025q3-libp2p-evaluation:evaluate-quic-v0.2.9
    • Metrics are supposed to work correctly, problems comes from Quic inestability.
  • vac:dst:vac:2025q3-libp2p-evaluation:mix-re-evaluation
    • Made isMix and selfTrigger environment variables
    • Using individual Pods to manually configure nodes
    • Scrape not working. Need to fix again.
  • vac:dst:waku:2025q3-waku-evaluation:js-waku
    • Call with js-waku
      • Found issue where jswaku config isn’t applied correctly
      • Everything else for basic (local docker) workflow is working
      • Have a plan for changes going forward
  • vac:dst:ift:2025q3-dst-tooling:general-tooling
  • vac:dst:ift:2025q3-dst-tooling:nim-libp2p-dst-node-refactor
    • worked on mix integeration in shadow simulation
      • Still facing some issues related to message propagation. Looking into message dissemination mechanism.

vac:sc:

vac:acz:

  • ift:2025q3-de-mls-tesnet:consensus-layer
    • Updated tests for main functionality, fixed some small issues that were find during testing PR
  • ift:2025q3-rln-status-l2:maintaining
    • Discussing with team about Epoch / Epoch slice + ddos
    • Discussing with team about prover next steps
  • nes:2025q3-nescience-consulting:specs-compat
    • Began specification and code base compatibility. Started compiling notes on code base, and pushed minor PRs to testnet to add comments 112 and 113.
  • nes:2025q3-nescience-consulting:nomos-deep-dive
    • Approved Moudy’s suggestions to Nescience in Nomos document.
  • ift:2025q3-ift-zk-calls:ift-zk-call-3
    • Led September’s zk call on GKR and wrote associated forum post.
  • ift:2025q3-zerokit:pmtree-config-builder
    • Merged this PR(compeleted task).
  • ift:2025q3-rln-status-l2:stress-test
  • ift:2025q3-zerokit:zerokit-maintaining
    • Fixed a CMake error that caused CI failures.
    • Added “no test/benchmark” rules for Draft PRs in CI PR.
    • Review PR
    • FFI rework PR - WIP
  • ift:2025q3-rln-status-l2:monorepo-review
  • ift:2025q3-rln-status-l2:rln-spec-maintain
    • Discuss on doc the abusing network detection is not priority right now.
  • ift:2025q3-de-mls-tesnet:multi-steward-rfc
  • ift:2025q3-de-mls-tesnet:consensus-rfc
    • PR, is on final review.
  • nes:2025q3-nescience-consulting:dex-research
  • admin/misc
    • Release de-MLS blogpost on vac.dev by merging its PR.
    • 3 cc is ooo for 1 day

vac:rfc:

  • vac:rfc:codex:2025q3-rfc-iteration
    • Started work on rfc for codex DHT
  • vac:rfc:waku:2025q3-rfc-iteration:qaku
  • admin/misc
    • 1 CC OOO.

vac:sec:

  • ift:2025q3-wallet-policy-update:write-and-review-new-version
    • Tested antiphishing mechanisms
  • ift:2025q3-awareness-program:web3-security-essentials
    • Shared web3 news about crime, phishing, malware, hacks and IoC with Finance (Weekly Update)
    • Continued working on the BlockThreat and n8n integration
  • ift:2025q3-wallet-policy-update:backup-and-recovery-policies
    • Worked on a Threat Model for Crypto asset management
  • ift:2025q3-cicd-security-review:status-design-reviews
    • Reviewed Status Desktop address bar spoofing issue: audited URL parsing/rendering, added homograph/RTL/encoding tests
    • Assessed Status Desktop self-DDoS risk: traced IPC/event loop calls, identified retry/fan-out issues, and validated mitigations with load testing
    • Searched desktop modules for insecure use of eval/dynamic imports/remote content; suggested safe alternatives and added lint/test coverage
    • Validated CI job definitions for secret exposure and artifact tampering; enforced least-privilege tokens and mandatory checks on sensitive PRs
  • ift:2025q3-vulma-and-ir:incidents
    • Reconciled STATUS-331/332/333 external reports with wallet/desktop codebase; completed risk assessments
  • ift:2025q3-vulma-and-ir:remediation-tracking
    • Reproduced and benchmarked top Waku issues; added failing tests and proposed lightweight patches
    • Manually validated high-severity CodeQL findings in Waku repos; confirmed and annotated true/false positives
    • Reviewed Dependabot upgrades for crypto/net libraries; built locally, tested, and approved/held updates with notes
  • ift:2025q3-iam-operations:remove-unnecessary-users
    • Created Notion page with details of Inactive CCs
    • Completed testing for AM Identify for Notion
    • Completed testing for AM Identify for Google
    • Added Inactive CC channel in Discord for notifications
  • ift:2025q3-security-automation
    • Finalized new version of privacy news alert
  • ift:2025q3-security-automation:automatic-wallet-index-updates
    • Tested Etherscan API integration
  • ift:2025q3-finance-automation
    • Deployed changes to Mass PO in production
    • Reviewed and validated proposed changes for Expensify PO

vac:nes:

  • vac:nes:2025q3:state-separation-architecture-poc:fee

  • vac:nes:2025q3:state-separation-architecture-poc:groth16

  • vac:nes:2025q3:state-separation-architecture-poc:doc

  • state-separation-architecture-poc:specs-impl-2

    • Finalized sequencer specs update PR 105
    • Started private key protocol update PR 110
    • Finished tag computation task (PR and task).
    • Finished circuit tests task (PR and task).
  • vac:nes:2025q3:state-separation-architecture-poc:programs

    • Finished piñata program task (PR and task)

vac:nim:

  • ift:2025q3-nimble
    • Adds support for some when expressions in the declarative parser. (https://github.com/nim-lang/nimble/pull/1457)
      • Adds support some when expressions in the declarative parser.
      • Uses StringTableRef to hold the defines
    • WIP Support for filepath in requires (https://github.com/nim-lang/nimble/pull/1452)
      • Reverts “patch” feature
      • Builds a filepath package graph
      • Prevent deps not pulled from file:// to have filepath requires
      • Adds test case “should not allow filepath deps in a top level package that is not being in development”
      • Adds support for “requires” file. When present will parse the requires and add it to the main nimble file.
      • Skips root validation
      • allows to lock filepaths packages
  • vac:nim:ift:2025q3-nim-core-libs:nim-cbor-serialization