Vac R&D Roadmaps and Reports

Search

SearchSearch

2025-09-22 Vac weekly

Sep 22, 2025, 9 min read

Vac 2025/09/01

highlights

  • P2P: Release v1.13.0
  • P2P: AutonatV2 development complete
  • QA: Status backend IP change tests fixed.
  • QA: Waku interop maintenance bug found with invalid JSON handling, retro scripts updated, and maintenance PR opened.
  • QA: Waku Lite protocol tester reworked scripts now working with Grafana data visibility.
  • QA: Status desktop Qt upgrade and Windows CI work ongoing, new issue opened, backup-user-data feature in progress.
  • QA: Status mobile porting tests to e2e\appium with multiple PRs
  • DST: Nim-libp2p v1.13 report ready
  • DST: Mix analysis shows that:
    • Mix relaying still works as intended after fixes
    • There is a weird ~7x delay for mixnet messages. Investigating.
  • DST: Removed cron from DST nim-libp2p node so an external publisher can be used.
  • SC: Implemented Karma conversion, allowing users to convert virtual Karma to actual Karma, which enables the Status treasury account to transfer earned Karma.

vac:p2p:

  • vac:p2p:ift:2025q3-nimlibp2p-maintenance:maintenance
  • vac:p2p:ift:2025q3-nimlibp2p-mix:mix-core
  • vac:p2p:ift:2025q3-nimlibp2p-mix:mix-specs
    • Review Mix RFC, propose adding a randomized delay before the initiator sends each Sphinx packet to the first hop.
      • This is important to avoid metadata leakage when multiple Sphinx packets are sent in a burst.
      • Could happen due to fragmentation of a large message by an upstream protocol
  • vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:service
  • vac:p2p:ift:2025q2-nimlibp2p-autonat-v2:interop
  • vac:p2p:ift:2025q3-nimlibp2p-maintenance:go-libp2p-daemon
    • Started looking into getting rid of go daemon nim-libp2p#1701
    • For this, we’ll need to look into interop tests, since they’re the ones who will replace the go daemon tests
  • misc/admin
    • Prepare Q3 commitments
    • Assist in queries

vac:tke:

  • vac:tke:nomos:stress-test::review-pos-sims
    • debugged all plots and results
  • vac:tke:nomos:stress-test::dyn-stake-estimation
    • reviewed current proposals
    • Keep working on requirements for DSE implementation
    • To meet with Nomos team on Friday
  • vac:tke:ift:logos-token::logos-strategy
    • finalized reviewing token sales course
    • read launch strategy doc
    • further reasearch for Wednesday discussion
    • prepare overview for Wednesday discussion
    • Progress towards this end
  • vac:tke:status:karma-incentives
    • reviewed Karma issuance model and dashboard
    • continue work on modeling Karma issuance
    • continue building a streamlit dashboard with issuance modeling based on real L2 TVL data
    • Catch up
  • vac:tke:status:cf
    • Work out analysis of Reddit and Farcaster Scrapers
    • Discuss with Matt on Monday
  • vac:tke:ift:tokenomics-research-forum::grantico
    • minor fixes
  • vac:tke:ift:tokenomics-research-forum::control
    • Review Grantico
    • Polish research on Opt. Control

vac:qa:

vac:dst:

  • admin/misc
    • Plan pending tasks for Q3 and new ones
      • RLN, nim-libp2p v1.13, status-backend benchmarks, deployment refactor…
    • Another lab refactor coordination
  • vac:dst:status:2025q3-status-go-chat-protocol-benchmarks:relay-node-benchmark-2
    • Prepare scenarios for relay only
  • vac:dst:status:2025q3-status-go-chat-protocol-benchmarks:cleanup-resources
    • Cleanup status benchmark PRs
  • vac:dst:vac:2025q3-libp2p-evaluation:evaluate-quic-v0.2.9
    • Test quic in v1.13 report
  • vac:dst:vac:2025q3-libp2p-evaluation:regression-testing
  • vac:dst:waku:2025q3-waku-scaling:TWN-supports-RLN-tree
    • Call with Waku for RLNV2 contract deployment
    • Prepare scenario. Not sure if we really need the lab for this.
  • vac:dst:nomos:2025q3-nomos-scaling:nomos-deployment-test
    • Coordinate with Nomos regarding the testnet
    • Converting local Nomos compose.yaml to Kubernetes, to realize the first deploymet
  • vac:dst:vac:2025q3-libp2p-evaluation:mix-re-evaluation
    • Logged times were using Moment.now() instead of a synced clock in dst-changes-main-s2
    • Found issue where mix/mix_protocol was logging current = startTime instead of current time.
    • Found a long delay in Exit nodes that make it appear that gossip network message delay is higher than it is
    • There is ~7x delay for mixnet messages. Gossip messages are fine.
    • There are no messages being gossiped before they finished traversing the mixnet
  • vac:dst:ift:2025q3-dst-tooling:deployment-refactor
    • Implemented building Kubernetes deployment yamls for regression nodes with Python instead of helm
  • vac:dst:ift:2025q3-dst-tooling:nim-libp2p-cron-removal
    • Added http endpoint to libp2p test node PR here
      • Can send messages based on both, yaml and detached publisher
      • Can relay/generate messages, and added support for health monitoring
      • Working fine on shadow, still need to test on k8s
    • Added interaction options to detached publish controller PR here
      • Can allow publishing/relaying messages
      • Allows publisher selection/rotation
      • Added Readme
  • vac:dst:ift:2025q3-dst-tooling:nim-libp2p-dst-node-refactor
    • Worked on merging mix support in test node.

vac:sc:

vac:acz:

vac:rfc:

vac:nim:

vac:sec:

  • ift:2025q3-wallet-policy-update:backup-and-recovery-policies
    • Finished Threat Model and identified actions for improving Recovery Process
  • ift:2025q3-multisig-secondary-interface-deployment:write-guides-and-best-practices
    • Finished Threat Model and identify Operational Continuity actions
  • ift:2025q3-security-automation:automatic-wallet-index-updates
    • Deployed TOTP for authenticating communications in the signing process
    • Deployed n8n Security Instance (trial/cloud)
  • ift:2025q3-multisig-secondary-interface-deployment:test-new-interface
    • Used secondary interface in real and authorised transactions
  • ift:2025q3-cicd-security-review:status-design-reviews
    • Performed targeted code audit of Status Desktop IPC message handling; looked for serialization/deserialization risks and add fuzzing tests with malformed payloads
    • Traced wallet key management code for unsafe memory handling (e.g., keys left in heap/stack); add zeroization and memory-safety checks
    • Reviewed PRs modifying desktop browser engine integration; test for sandbox escapes and directory traversal issues
  • ift:2025q3-vulma-and-ir:incidents
    • Validation of the patches regarding to the STATUS-331/332/333 and the changes of the Status Desktop
    • Follow up actions on the NPM supply chain attack investigation
  • ift:2025q3-vulma-and-ir:remediation-tracking
    • Dependabot CVE validation and patch implementation coverage
  • ift:2025q3-finance-automation
    • Add improvements to Expensify PO
    • Developed and implemented Miro board generator
  • ift:2025q3-iam-operations:remove-unnecessary-users
    • Investigated retrieving users from Github
    • Finalized identification of Inactive CCs for Google (live now)
    • Finalized identification of Inactive CCs for Discord (Sec server only)
    • Identified endpoints for generating report from Notion on existing resources
  • ift:2025q3-security-automation:automatic-wallet-index-updates
    • Fixed issue with retrieval of wallet data from GitHub
  • ift:2025q3-security-automation
    • Test several use cases for identifying best news articles
      • using http with SerpApi
      • using AI with Gemini and SerpApi
      • using AI with Gemini

vac:nes:

Graph View

Backlinks

  • No backlinks found