Vac 2025/09/29

highlights

  • QA: Status-go Waku functional testing progressed with multiple bugs reported and new community membership tests added.
  • QA: Waku RLN contract property-based fuzz testing (PR 40) in review; new adversarial security simulations planned.
  • QA: Waku interop Lite protocol tester updated per feedback; new scenarios added and reports shared; task pending further confirmation.
  • QA: Waku rendezvous tests retested after fix but still failing; reopening planned.
  • QA: Nim-libp2p Gossipsub performance tests advanced with QUIC scenario merged and multiple refactors in final review.
  • QA: Status desktop QA ongoing across maintenance, notifications debugging, syncing devices with Igor, Squish upgrade, and Qt6 migration analysis.
  • QA: Status mobile QA merged several Appium test PRs, advanced password reset test, and began investigating CI workflow issues.
  • ACZ: Released Zerokit v0.9.0.
  • ACZ: Delivered next iteration of libp2p-mix RFC by refactoring sphinx format.
  • RFC: Completed the first iteration of Logos POC module specs, next step is reaching out for reviews.

vac:p2p:

vac:tke:

vac:qa:

vac:dst:

vac:sc:

vac:acz:

  • ift:2025q4-de-mls-tesnet:de-mls-maintaining
    • Start to prepare code base for multi-steward
  • ift:2025q3-zerokit:release
  • ift:2025q3-rln-status-l2:stress-test
    • Benchmark on 128 Core CPU server - results here
  • ift:2025q4-rln-status-l2:multi-tree
  • ift:2025q4-ift-zk-calls:ift-zk-call-1
    • Began work on zk call slides.
  • nes:2025q4-nescience-consulting:consensus-survey
    • Began consensus survey with Avalanche, HotStuff and Tendermint.
  • ift:2025q4-zerokit:ffi-rework
    • Started implementing this task PR
  • ift:2025q4-rln-status-l2:maintaining
  • ift:2025q4-zerokit:zerokit-maintaining
    • Merged this PR
    • Reviewed these PR, PR
    • code review for PR
    • Updated binary name generaion in CI PR
  • ift:2025q3-discovery-exploration:disc-ng-specs
  • ift:2025q3-rln-status-l2:rln-spec-maintain
  • ift:2025q3-libp2p-mix-testnet:update-rfc
  • nes:2025q4-nescience-consulting:account-security
    • Started to review document on NSSAv0.1 security and cryptographic assumptions.
    • Prepared a document on NSSAv0.1 security and cryptographic assumptions.
  • admin/misc

vac:rfc:

vac:nim:

vac:sec:

  • ift:2025q3-awareness-program:web3-security-essentials
    • Shared web3 news about crime, phishing, malware, hacks and IoC with Finance (Weekly Update)
  • ift:2025q3-wallet-policy-update:backup-and-recovery-policies
    • Finished Backup and Recovery guidelines for critical assets (based on Threat Model)
  • ift:2025q3-continuity-plan:write-guides-and-best-practices
    • Continued developing Operational Continuity guidelines based on Threat Model
  • ift:2025q3-awareness-program:signing-process-resilience-testing
    • Continued testing and refining the multi-layer verification mechanisms in the Signing Process (All members)
  • ift:2025q2-iam-operations:defi-strategy-access-control:cap-money-protocol
    • Added support for Cap Money protocol (CUSD and STCUSD) with scoped interactions
  • ift:2025q2-iam-operations:defi-strategy-access-control:nexus-patch
    • Expanded Nexus Mutual integration
    • Introduced a patched whitelist applying updated Nexus Mutual scoping across relevant contracts
  • ift:2025q3-cicd-security-review:status-design-reviews
    • Completed validation of recent Status audit remediations to ensure all vulnerabilities were effectively patched
    • Developed and executed PoC scripts to confirm fixed exploits are no longer reproducible
    • Performed SBOM and dependency scans to detect any new or unexpected third-party additions
    • Backported critical audit fixes to maintained release branches for consistency and security parity
  • ift:2025q3-vulma-and-ir:incidents
    • Investigated organization GitHub Pages for phishing or injected scripts and removed suspicious content
    • Collected and analyzed phishing attempts targeting X.com, extracting indicators of compromise (IOCs)
    • Deployed lightweight detection checks to monitor new X.com mentions for suspicious URLs or activity
    • Rotated exposed GitHub tokens and revoked unused integrations discovered during the investigation
  • ift:2025q3-vulma-and-ir:remediation-tracking
    • Triaged Dependabot alerts, tested and merged verified safe dependency upgrades
    • Evaluated recent supply chain CVEs and initiated mitigations for impacted repositories
    • Audited CI/CD pipelines to confirm integrity protections (hash pinning, lockfiles) are enforced
  • ift:2025q3-iam-operations:remove-unnecessary-users
    • Built workflows to test endpoints for Notion assets
      • identify old pages
      • identify access frequency and filter out inactive pages
      • identify endpoint to archive old pages
  • ift:2025q4-Create hierarchy boards in Miro
    • Repurposed workflow to use a step by step item generation in Miro
    • Include new hierarchy report as data source
  • ift:2025q4-finance-automation-enhancements
    • Hierarchy report - Finalized and delivered
      • Identified reusable components from existing n8n worfklows
  • admin/misc
    • Q3-2025 Retrospective
    • Finished 4Q-2025 commitments and 2026 roadmap

vac:nes:

  • state-separation-architecture-poc:validium

    • Tried to run Nomos validium example on my machine anddid not succeeded. Also tried to run the local testnet and if was so difficult. Contacted Nomos and spent a significant amount of time to solve the issue. Problem is that they don’t have an image for macOs and had to configure mostly everything manually.
    • Worked with Sergio on understanding how sovreign rollup examples are built and implemented in Nomos. Went through some documentation and code figured out how it works.
    • Went through Celestia to understand how DA works.
    • Wrote a small document about Validium, Nomos, and result interpretation.
  • state-separation-architecture-poc:cpc

    • Researched how to make cross program calls work on NSSA. Finally, came up with a high level way to do it and discussed it briefly with Sergio.
    • Worked on expanding the idea and the plan is to have a first version next week.
    • Dived into the details of the Nomos validium and rollup examples.
    • Ran a Nomos local testnet and learned how to disperse data into NomosDA.
  • vac:nes:2025q3:state-separation-architecture-poc:wallet-2

    • Addressed the comments of PR 115 discussion in PR 119. While doing so I discovered some bugs and issues. Proposals to fix them are in
      • PR 119: wallet improvements and some protocol deviation fixes,
      • PR 120: inflation bug stemming from a missing check in the privacy circuit, and
      • PR 121: account uniqueness for private accounts mechanism.

vac:web:

vac:infra:

  • Deployed BNs and ELs for Nimbus Portal network fleet
  • Adjusted Nimbus Portal fleet storage to be homogenous
  • Improved memory alerting for LIDO fleet by taking ZFS into account
  • Imported contributors list from BambooHR into OpenKM
  • Added ENRTrees addresses to Waku fleets dashboard
  • Preparing of proposal for LIDO fleet layout changes
  • Fixed status-go benchmark issues by adjusted host size
  • Researched Windows 10 in VirtualBox as alternative for E2E tests
  • Implemented dry running Rocketpool rewards tree generation
  • Cleanined up and merged PR for bitcoinpodcast.com Wordpress
  • Implemented Kuma status pages for each Waku fleet
  • Converted Holesky testnet Windows host to Hoodi testnet
  • Upgraded all nodes on Holesky fleet before Fusaka fork
  • Fihished deployment of Aztec L2 Sepolia testnet sequencer node
  • Implemented ElasticSearch cleanup ILM policy, started Waku logs cleanup
  • Research into ElasticSearch 8 upgrade
  • Fixed issues with loading of Wazuh alerting rules
  • Development of CLI tool for Airbyte
  • Rollout of containerized Jenkins agents and builds
  • Further implementation of unit tests for LIDO services

vac:bi: