2025-09-15 Vac weekly

Vac 2025/09/01 §

highlights §

• P2P: AutonatV2 development is mostly done. Interop testing is in progress
• P2P: Added options to choose whether the Preamble and the IDontWant message should be sent when publishing a message in gossipsub
• QA: Nim Libp2p rendezvous tests improvements.
• QA: Waku RLN contract edge-case expansion merged.
• QA: Waku interop Lite protocol tester stress testing scripts expanded with Grafana monitoring.
• QA: Status go accounts functional testing completed with new bug reported and service tests added.
• QA: Status desktop Windows app build finally successful, issues opened for CI, Qt upgrade tests ongoing.
• QA: Status mobile framework updated, backup recovery test implemented, wallet account flow in progress.
• DST: Fix JS-waku sharding issue for K8s
• ACZ: Merged and release the consensus RFC which is a sub-RFC for de-MLS RFC
• ACZ: Create a video demo for consensus voting de-MLS

vac:p2p: §

• vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
  • waku-org/nwaku#3561 chore: bump mix
    • Update proof of concept code to use latest Mix refactors and features
  • waku-org/mix#85 fix: ensure destination and exit nodes are not selected as part of SURBs path
    • Bug reported by @prem_chaitanya
  • waku-org/mix#84 refactor: each surb has a different I
    • Requested by @akshaya.mani
  • Archive main branch as main-archive, and rename main-s2 to main
  • Currently working on moving mix code to nim-libp2p
• vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
  • vacp2p#nim-libp2p#1673 feat: v1.13.0
    • Prepared release and asked DST team for regression testing
  • vacp2p#nim-libp2p#1681 feat: add skipIDontWant and skipPreamble
    • Required for mix so the sender node does not warn in advance of large messages being sent (since these control messages are not sent via mix)
  • Currently working on exposing Reset to streams/connections
  • QUIC improvements
    • fix(stream): synchronize write nim-quic#116
      • with this fix, nim-libp2p tests are occasionally passin when Quic transport is utilized in all pubsub tests
  • chore(tests): utilize quic transport in pubsub tests nim-libp2p#1667
  • fix(pubsub): use custom conn when message is sent as lower-priority nim-libp2p#1679
  • Use reviewdog workaround nim-libp2p#1668
  • Revert reviewdog workaround nim-libp2p#1672
• misc/admin
  • 1 CC 1d off

vac:tke: §

• vac:tke:nomos:stress-test::review-pos-sims
  • introduced epoch-wise protocol metrics, the TGE supply and change the monetary unit to NMO
  • implemented realistic gas amounts, the Execution market, block rewards calculation driven by the KPIs
  • implemented a new way to introduce new validators based on Pareto II distribution
• vac:tke:nomos:stress-test::dyn-stake-estimation
  • worked on requirements for DSE implementation
• vac:tke:ift:logos-token::logos-strategy
  • started reviewing the token sales course
  • review and evaluate the outlined options
  • research on recent comparables
  • caught up here
• vac:tke:status:karma-incentives
  • work on modeling Karma issuance
  • review recent SC work, look at ERC20 voting extensions
• vac:tke:status:cf
  • Finished Farcaster scrapers and data collection
  • Finished volume sims for pro-forma
• vac:tke:ift:tokenomics-research-forum::grantico
  • wrap up current version refactor
  • reviewed and provided feedback
• vac:tke:ift:tokenomics-research-forum::control
  • Wrap up reserch on Control Problem
• vac:tke:ift:tokenomics-research-forum::token-valuation
  • re-ran the analyses with updated data
• vac:tke:ift:tokenomics-research-forum::tke-gpt
  • watched course about LangGraph Ambient Agent

vac:qa: §

• status:2025q3-status-go-functional-testing:accounts
  • Issue 6922: more watch accounts than capacity
  • PR 6921: account services p4
• status:2025q3-status-go-functional-testing:framework-improvements
  • PR 6907: return rpc result
• waku:2025q3-rln-smart-contract-testing:edge-cases
  • PR 31: RLN contract unit test expansion - merged
• waku:2025q3-interop-testing:liteprotocoltester
  • Prepared test result sheet
  • Executed stress tests and monitored CPU/memory in Grafana
  • Added new filter & store stress scripts to PR 135
• status:2025q3-status-qa-desktop:maintenance
  • PR 18787
  • PR 18783
  • PR 18807
  • Investigated Appium-based framework locally
• status:2025q3-status-qa-desktop:release-testing
  • Built app on Windows successfully
  • Worked with Marco on Windows e2e
  • Opened Windows issues #18808
  • Updated local installation to newer Qt
  • Investigated failures in PR 18814, continued retesting
• status:2025q3-status-qa-mobile:framework-adjustments
  • PR 18796: framework updates
• status:2025q3-status-qa-mobile:port-tests
  • PR 18796: backup recovery flow test
  • Started work on wallet saved account test
• vac:2025q3-nim-libp2p-testing:rendezvous
  • test(rendezvous): Simplify test setup
  • refactor(rendezvous): Split Rendezvous Protobuf and add tests
• admin/misc
  • OOO: 7 cc Day

vac:dst: §

• admin/misc
  • 1 CC OOO Friday
  • More content in deploy document
  • Call with Waku for RLN task and understand assigment
  • Call with Status to debug discovery details in status-backend
    • Currently, discovery for light clients is not working
    • New task to compare discv5 and px bandwidth usage to decide for light clients
  • Attended Logos Barcelona
  • Plan machine for ACZ member with lab refactor
• vac:dst:vac:2025q3-libp2p-evaluation:mix-re-evaluation
  • Message delay times where still longer than expected
  • Fixed nim build dependencies that caused the Docker image not to build
  • Fixed regex nimlibp2p tracers for dst-changes-main-s2 in analysis scripts
• vac:dst:waku:2025q3-waku-evaluation:js-waku-follow-up
  • Fixed test for auto sharding
  • Found issue where static sharding wasn’t working
  • Both auto-sharding and static sharding working/tested
• vac:dst:ift:2025q3-dst-tooling:nim-libp2p-cron-removal
  • worked on cron removal for nimlibp2p
    • Still a WiP. created draft PR for the publish controller.

vac:sc: §

• status:2025q3-new-karma-requirements:voting-capabilities
  • initial Karma votes implementation
  • started working on multi-user votes delegation for Karma
• status:2025q3-new-karma-requirements:whitelist-transferability
  • Implemented whitelisting for transferring Karma tokens
    • https://github.com/status-im/status-network-monorepo/pull/27
• status:2025q3-new-karma-requirements:virtual-karma-conversion
  • Started implementing virtual to actual Karma conversion
    • This includes minting tokens
    • Redeeming rewards
    • New slashing logic

vac:acz: §

• ift:2025q3-de-mls-tesnet:consensus-layer
  • Merged PR
  • Make a video demo with consensus layer
• ift:2025q3-de-mls-tesnet:de-mls-maintaining
  • Open issue with future plans
• ift:2025q3-rln-status-l2:stress-test
  • Benchmarked a few different ideas to optimize Prover performance:
    • Applied best practices to squeeze a few more TPS out of the Prover PR
    • Pinned each thread from the Rayon thread pool to a specific CPU core, with different pinning strategies PR
    • Spawned a threadPool to limit the number of threads for each ProverService PR
    • Benchmark Sylvain’s PR branch.
  • Benchmark results for the above approaches are documented in Prover-Benchmarks
  • The current highest TPS is achieved when merge Sylvain’s PR with this PR.
• ift:2025q3-rln-status-l2:optimization
  • Discussion with the team about possible prover optim (with dedicated thread pool)
  • Created PR Zerokit 0.9 + no parelllel feature - WIP
  • Review PR about optim 1 - 2 - 3
• ift:2025q3-rln-status-l2:maintaining
  • Prover shared DB document - Notion
  • Read about the RAFT consensus + consistency for SharedDB solution: Consensus - Raft + rocksdb - Scalability
• ift:2025q2-zerokit:zerokit-maintaining
  • FFI rework PR - WIP
  • Reviewed Jarrad’s PR
  • Removed the wasm-bindgen-cli tool, which was causing CI failures PR
  • Updated the CONTRIBUTING file and fixed the pmtree-ft feature conflict that was causing nightly cross-build failures PR
• ift:2025q3-discovery-exploration:exploring
  • started working on writeup of improving discovery protocol
  • Examine the discNG paper and its writeup, extract some questions.
• ift:2025q3-de-mls-tesnet:multi-steward-rfc
  • Draftign the second iteratin of the RFC in Notion doc by adding consensus types, Steward list determination and two multi-steward options: Big and Small consensus.
• ift:2025q3-de-mls-tesnet:consensus-rfc
  • Merged consensus PR.
• admin/misc
  • Review the ZK-Based Ticket System for Store Service Incentivization MVP in forum.vac.dev and have a comment.
  • 1 cc is ooo for 3 days
  • 1 cc has an onboarding call

vac:rfc: §

• vac:rfc:codex:2025q3-rfc-iteration:dht-component
  • Continued work on codex DHT rfc, try complete first draft next week
• vac:rfc:waku:2025q3-rfc-iteration
  • Responding to reviews on open PRs and committing changes - https://github.com/vacp2p/rfc-index/pull/180, https://github.com/vacp2p/rfc-index/pull/181
• vac:rfc:ift:logoc-poc
  • First draft of Logos Spec: https://github.com/vacp2p/rfc-index/pull/183
• vac:rfc:codex:2025q3-rfc-iteration
  • Creating a roadmap proposal on roadmap.vac.dev

vac:nim: §

• ift:2025q3-nimble
  • nimble dump now uses vnext’s nim version selection. Which should speed up lsp and get always the right nim version (https://github.com/nim-lang/nimble/pull/1468)
    • nimble dump now uses vnext’s nim version selection. Which should speed up lsp and get always the right nim version
    • Improves dump. Fixes tests
  • Fixes #1466 nimble install does not work with / in branch name #1466 (https://github.com/nim-lang/nimble/pull/1467)
  • Manage nimble install nim (https://github.com/nim-lang/nimble/pull/1465)
    • nimble install nim works outside of a project dir
    • Fixes an issue where if the nim in the path is the one installed globally by nimble, it would fail to get the package due to the link (need to be tested in macos and lin)
    • imports strsscans only in windows
    • Adds support for nimble install nim@#devel
    • Fixes an issues where some times global installs dont work
    • Fixes a tricky issue where global installs were using the pkgcache as the linked directory
    • Removes unused strformat
    • Conditional import
    • Merge branch ‘master’ into install_nim_global
• vac:nim:ift:2025q3-nim-core-libs:nim-cbor-serialization
  • nim-cbor-serialization: https://github.com/vacp2p/nim-cbor-serialization/pull/1
    • addressed remaining review items: parseStringIt & parseByteStringIt, test std
    • started rework automatic serialization: https://github.com/vacp2p/nim-cbor-serialization/tree/default_serial

vac:sec: §

• ift:2025q3-vulma-and-ir:incidents
  • Post-mortem analysis for crypto wallets / metamask profile compromised (No org funds stolen)
• ift:2025q3-awareness-program:web3-security-essentials
  • Shared web3 news about crime, phishing, malware, hacks and IoC with Finance (Weekly Update)
• ift:2025q3-multisig-secondary-interface-deployment:write-guides-and-best-practices
  • Continued writing the guidelines to use Onchain Den when required (Threat Model -> Operational Continuity)
• ift:2025q3-wallet-policy-update:backup-and-recovery-policies
  • Continued refining backup and recovery procedures (Threat Model -> Backup & Recovery)
• ift:2025q3-security-automation:automatic-wallet-index-updates
  • Updated wallet index with new additions and changes
• ift:2025q3-wallet-policy-update:submit-new-documentation-to-repo
  • Published new versions to Notion, GH and Proton
• ift:2025q3-cicd-security-review:status-design-reviews
  • Completed deep code review on Status Desktop PRs related to window rendering and navigation handling
  • Reviewed wallet integration PRs for potential misuse of cryptographic primitives and unsafe storage handling
  • Tested desktop modules for insecure error handling (stack traces, unhandled exceptions) and proposed sanitization patches
• ift:2025q3-vulma-and-ir:incidents
  • Performed log correlation analysis for STATUS-331/332/333 and confirmed no evidence of secondary exploitation
  • Worked on the NPM supply chain attack investigation against the IFT organization and risk analysis
  • Investigated two new bug bounty reports, reproduced PoCs locally, and assessed severity for escalation
• ift:2025q3-vulma-and-ir:remediation-tracking
  • Performed focused code review of Waku PRs addressing reliability and security issues; confirmed test coverage was sufficient
  • Manually inspected CodeQL findings in desktop repositories, reproduced locally, and confirmed exploitability status
  • Executed smoke and performance tests on recent Dependabot upgrades and fast-tracked critical merges
• ift:2025q3-finance-automation
  • Added improvements to Expensify PO
  • Test new version with improvements for Expensify PO process
  • Created separated workflow paths for different new usecases
  • Tested new workflow paths
  • Identified issue with conversion rate from exchange.api
  • Tested new AI conversion rate validation

vac:nes: §

• vac:nes:2025q3:state-separation-architecture-poc:doc

  • Reviewed and analyzed existing documentation on NSSA vs. other privacy projects.
  • Researched and drafted a document about NSSA vs. other privacy projects.
  • Reviewed and analyzed existing documentation on DEX deployment on NSSA.
  • Researched and started a draft document about DEX on NSSA.

• state-separation-architecture-poc:specs-impl-2

  • Finalized key protocol update(private). PR 110.

• state-separation-architecture-poc:wallet-2

  • Worked on wallet adaptation to privacy-preserving transactions. PR 115.

• vac:nes:2025q3:state-separation-architecture-poc:programs

  • Finished the Piñata program PR.
  • Finished task on adding addresses to program inputs (PR.
  • Almost finished token program implementation (needs polishing only) (draft.