Link Types: GitHub Internal (roadmap.vac.dev) External Task ID
All Teams BI0 DST0 Nim0 P2P0 QA0 RFC0 SC0 SEC0 TKE0 WEB0 INFRA0
Vac 2025/09/01 §
highlights §
TKE: all TKE-related docs and specs were approved by Nomos team
QA: Waku RLN contract edge-case tests expanded with reentrancy protection fix in progress.
QA: Waku REST API interop tests merged; rendezvous tests blocked pending infra fixes.
QA: Waku Lite protocol testing started using Zoltan’s scripts for Store protocol.
QA: Nim-libp2p rendezvous tests refactored and fixed pagination issue.
QA: Status E2E desktop tests now working on Windows locally; CI support ongoing.
QA: Working on extending Status Mobile framework with accessibility hooks and seed phrase tests.
DST: Started working on a libp2p cross implementation repository
SC: Uncovered and fixed a bunch of security vulnerabilities in StakeVault
ACZ: Anounced MLS RFC on X
ACZ: Release the SN RLN prover benchmark doc regarding prover repo
RFC: Completed the first draft of qaku rfc
NES: Finished research Sprint 2 and already started Sprint 3.
vac:p2p: §
ift:2025q3-nimlibp2p-mix:mix-core
mix#78 feat: replies (SURBs)mix#79 fix: dont use global variablesWIP:
benchmark metrics for DST (requested by @Akshaya to take priority over other mix tasks)
cleanup reply table for cases in which reply never arrives
ift:2025q3-nimlibp2p-maintenance:maintenance
nim-libp2p#1645 fix: dont send GoAway for unknown streams and mark streams as closed on conn close
Issue reported by @Ivansete: streams were not being marked as closed on disconnect
I noticed that a GoAway was being sent once streams were being closed, causing other active streams to be dropped as well
nim-libp2p#1647 chore: temporarily disable performance plots from being published
Issue reported by @arnetheduck: libp2p repository exceeded 500mb
I’ll ask Infra to setup some storage where we could push the performance reports
ift:2025q3-nimlibp2p-maintenance:maintenance
more QUIC refactoring and improvements
resolved issues related to read() ocasionally locking nim-libp2p#1636
ift:2025q3-nimlibp2p-autonatv2
ift:2025q3-nimlibp2p-autonatv2:client
Send DialRequest
Receive DialDataRequest
Send DialDataResponses
Receive DialResponse
ift:2025q3-nimlibp2p-autonatv2:server
Receive DialRequest
Send DialResponse
Amplification attack mitigation
Check observed IP address against chosen IP address
Send DialDataRequest
Receive DialDataResponses until requirement is met
Send DialBack & get DialBackResponse
Send DialResponse
Fixed a DialDataResponse bug where the server was not receiving messages from the client
admin/misc
Helped run Nescience interview for Senior Rust Engineer role
Close some older PRs and non-relevant issues (still a lot to go, tho)
Assist in queries related to circuit-relay behavior on waku
vac:tke: §
admin/misc
wrote down the team’s monthly report of deliverables
ift:logos-token::logos-strategy
addressed team feedback about ecosystem incentivization doc
ad-hoc research
nomos:stress-test::review-pos-sims
reviewed the state of our PoS simulation
nomos:stress-test::review-nomos-da
addressed a few outstanding comments from Alvaro
waku:services-incentive
finalized reviewing the Service Incentivisation MVP
continuing research
status:karma-incentives
closely follow the Karma “emergency fix” and discussion around Karma distribution periods
fixing bugs in staking demo app
ift:tokenomics-research-forum::grantico
continuing work in spare time
status:cf
Work with Matt on GTM
Finished scraper for product research
ift:tokenomics-research-forum::control
Kept pushing reserch on Control Problem
Reviewed and attended research call
ift:tokenomics-research-forum::token-valuation
finalized the report
presented the work at our Research Call
vac:qa: §
status:2025q3-status-go-functional-testing:accounts
Continue with remaining accounts methods
Move draft PR in review and get it merged
waku:2025q3-rln-smart-contract-testing:edge-cases
waku:2025q3-interop-testing:REST-APIs-Extended
waku:2025q3-interop-testing:rendezvous-peer-discovery
waku:2025q3-interop-testing:liteprotocoltester
vac:2025q3-nim-libp2p-testing:rendezvous
status:2025q3-status-qa-desktop:maintenance
status:2025q3-status-qa-mobile:framework-adjustments
Hook to expose Qt properties via accessibility framework - in progress
status:2025q3-status-qa-mobile:port-tests
Started backup seed phrase test implementation
admin/misc
vac:dst: §
admin/misc
Review candidates for DST position
Got flights to Budapest and informed Pops
Call with Codex
Discussed differences between both frameworks, and approaches that could be taken
Created notion document for next steps on the framework
Machine for AZC
Github PR Coordinate with Nescience to use this machine next week
Went over the deployment code and open PRs
Track and participate in gossipsub metrics spec draft
status:2025q3-status-go-chat-protocol-benchmarks:delay-and-store
TODO notion document
Call with Waku to investigate waku connections
Peers were missing in admin endpoint. Missing information was fixed in nwaku v0.36
Confirmed that peers added through staticnode argument are not exposed to be discovered even they have discv5 enabled.
vac:2025q3-libp2p-evaluation:mix-re-evaluation
Github commit: pwhite/dst-changes-build-fix
Fix for building Docker image
Github PR: mix node deployment changes Still seeing violations where the first message is seen in the network from a non-exit node (normal gossipsub instead of mixnet route).
Still seeing a discrepancy in delay with 0 delay 0 jitter for mixnet nodes. Some plots where message delay is less than zero.
Gathering data sometimes seems to fail.
ift:2025q3-dst-tooling:general-tooling
Deployment - Workflow
Made some comments on this. Good discussion going.
Tried full workflow with mixnet where the analysis script automatically grabs the parameters from experiment output.
ift:2025q3-dst-tooling:shadow-integration-scaffold
Completed shadow integration for nim-libp2p, new repo created
Shadow test runs with both, docker executable and build method
Prometheus metrics were failing for large networks with metrics/httpclient.
Prometheus metrics working fine with curl and staggering (slightly increases simulation time)
The run script allows using custom configurations
vac:sc: §
ift:2025q3-fv-tools-research
applied Kontrol to some of our Karma tests
chatting with the Kontrol team to provide feedback on the errors we have running Kontrol on our repo
tried the opensource version of certora in local
status:2025q2-sn-native-bridge-yield-bearing-module:research-design
finished importing the Status contracts to the status network monorepo
status:2025q3-maintaining-status-contracts
Implement fix for lockUntil vulnerability
Allow for setting rewards when there’s a pending reward period
Prevent bug that’s caused by StakeVault being transferrable
Clean up StakeVault integrity checks
Fix vulnerabilities related to withdraw() that allows users to withdraw their staked funds while their are locked
Fix lockUntil not being reset during migration
vac:acz: §
ift:2025q3-de-mls-tesnet:consensus-layer
Fully finished real voting, fixed some issues around removing user, added docs for part of the functionality PR
ift:2025q3-libp2p-mix-testnet:update-rfc
ift:2025q3-gossipsub-relay-rfc:relay-rfc
Completed the GossipSub Relay Protocol RFC PR #178 .
ift:2025q3-zerokit:libp2p-mix-repo
Reviewed PRs #78 and #79 .
Discussed limitations of exit ≠ destination with P2P team.
Documented detailed comparison between exit == destination and exit ≠ destination in the Notion Page .
Aligned with team to proceed with exit ≠ destination in both RFC and implementation, with security implications captured in Mix RFC.
Synced with P2P team and on implementing logging on the latest branch for benchmarking.
ift:2025q2-zerokit:zerokit-maintaining
ift:2025q3-rln-status-l2:stress-test
nes:2025q3-nescience-consulting:dex-research
ift:2025q3-rln-status-l2:rln-spec-maintain
ift:2025q3-rln-status-l2:maintaining
ift:2025q3-de-mls-tesnet:multi-steward-rfc
Worked on steward rotation by extracting requirements such as how to determine steward list and todos on malicious steward.
ift:2025q3-de-mls-tesnet:consensus-rfc
Applied feedbacks PR , on final review.
nes:2025q3-nescience-consulting:privacy-projects-analysis
Review privacy projects vs NSSA document
Worked on privacy projects vs NSSA document .
admin/misc
Review RLN think-tank doc
Look into zk-creds paper for Waku research team credential requirements.
Responded to Waku’s question about Fractional message transfer
Provided feedback on FURPs: SN RLN and Zerokit . Due to this, added a question to SN RLN document
Nescience review (for peer programming interview)
vac:rfc: §
codex:2025q3-rfc-iteration
Started work on rfc for codex DHT
waku:2025q3-rfc-iteration:qaku
admin/misc
vac:sec: §
ift:2025q3-wallet-policy-update:write-and-review-new-version
Tested signing requests and add new signatory procedures
Pending to final review with Finance
ift:2025q3-awareness-program:web3-security-essentials
Shared web3 news about crime, phishing, malware, hacks and IoC with Finance (Weekly Update)
Continued working on the integration with n8n
ift:2025q3-multisig-secondary-interface-deployment:write-guides-and-best-practices
Continued writing the guidelines to use Onchain Den when required
ift:2025q3-wallet-policy-update:backup-and-recovery-policies
Started updating/creating backup and recovery policies and processes
ift:2025q3-cicd-security-review:status-design-reviews
Completed secure code review on Status browser and messaging PRs, focusing on encryption, IPC, and storage access
Manually tested wallet PRs for insecure key handling and authentication bypass risks
Reviewed CI/CD pipeline configurations for hardcoded secrets and improper access controls
Validated recently merged fixes through diff-based code review to confirm vulnerabilities were resolved
ift:2025q3-vulma-and-ir:incidents
Reproduced SNT phishing attack flow in a controlled test environment to validate threat scenarios
Performed log-based hunts for suspicious wallet activity linked to phishing indicators
Investigated new bug bounty submissions and validated PoCs against staging
Verified IR alerting pipeline by simulating phishing indicators across test accounts
ift:2025q3-vulma-and-ir:remediation-tracking
Manually validated 5 high-severity CodeQL findings, confirming impact through code path analysis
Reviewed and tested PRs addressing unresolved Dependabot alerts, confirming upgrades locally
Cross-checked static analysis findings with runtime logs to assess exploitability
Coordinated with repo owners to close several high/medium security issues via patch review and testing
ift:2025q3-iam-operations:remove-unnecessary-users
Refactor logic for identifying Inactive CCs in Notion, Github, Google, Discord
due to Blocker, add a page of Inactive CCs in Notion
manually run and update Inactive CCs in Notion daily
all user management processes will refer to the Inactive CCs Notion page
ift:2025q3-security-automation
Finalized new version of privacy news alert
ift:2025q3-security-automation:automatic-wallet-index-updates
Started python script inclusion, dependence on Python n8n docker
ift:2025q3-finance-automation
Pending approval from Finance
Deploy to prod pending the ending of payments for August
admin/misc
Interviewed a candidate for the App Sec Engineer position. Moved forward to next stage
vac:nes: §
vac:nim: §
ift:2025q1-nimble
Adds support for some when expressions in the declarative parser. (https://github.com/nim-lang/nimble/pull/1457 )
Adds support some when expressions in the declarative parser.
Uses StringTableRef to hold the defines
WIP Support for filepath in requires (https://github.com/nim-lang/nimble/pull/1452 )
Reverts “patch” feature
Builds a filepath package graph
Prevent deps not pulled from file:// to have filepath requires
Adds test case “should not allow filepath deps in a top level package that is not being in development”
Adds support for “requires” file. When present will parse the requires and add it to the main nimble file.
Skips root validation
allows to lock filepaths packages
ift:2025q3-nim-core-libs:nim-cbor-serialization
No results found Try adjusting your search or filter criteria.