Audit Reports

Audit Reports

Security is a critical component in ensuring Filecoin can fulfill its mission to be the storage network for humanity. In addition to robust secure development processes, trainings, theory audits, and investing in external security research, the Filecoin project has engaged reputable third party auditing specialists to ensure that the theory behind the protocol and its implementation delivers the intended value, enabling Filecoin to be a safe and secure network. This section covers a selection of audit reports that have been published on Filecoin’s theory and implementation.

Filecoin Virtual Machine
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.filecoin-virtual-machine

2023-03-09 Filecoin EVM (FEVM)
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2023-03-09-filecoin-evm-fevm

The audit covers the implementation of:

  • FEVM’s builtin actors out of which only actors/evm and actors/eam were included in scope along with code base of ref-fvm. The report included auditing EVM runtime action and implementation, correctness of EVM opcodes, including Ethereum Address Manager(EAM). The report also included issues and enhancements methods for gas model and F4 addresses. The audit team also reviewed the message execution flow and kernel setup, WASM integration and FVM logs. All the valid issues raised by the audit were resolved and acknowledged including a few informational issues. More details on these issues are available in the report.

Lotus
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.lotus

2020-10-20 Lotus Mainnet Ready Security Audit
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-10-20-lotus-mainnet-ready-security-audit

The scope of this audit covered:

  • The Lotus Daemon: Core component responsible for handling the Blockchain node logic by handling peer- to-peer networking, chain syncing, block validation, data retrieval and transfer, etc.
  • The Lotus Storage Miner: Mining component used to manage a single storage miner by contributing to the network through Sector commitments and Proofs-of-Spacetime data proving it is storing the sectors it has committed to. This component communicates with the Lotus daemon via JSON-RPC API calls.

Venus
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.venus

2021-06-29 Venus Security Audit
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2021-06-29-venus-security-audit

The scope of this audit covered:

  • The Venus Daemon: Core component responsible for handling the Filecoin node logic by handling peer-to-peer networking, chain syncing, block validation, etc.

Actors
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.actors

2020-10-19 Actors Mainnet Ready Security Audit
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-10-19-actors-mainnet-ready-security-audit

This audit covers the implementation of Filecoin’s builtin Actors, focusing on the role of Actors as a core component in the business logic of the Filecoin storage network. The audit process involved a manual review of the Actors code and conducting ongoing reviews of changes to the code during the course of the engagement. Issues uncovered through this process are all tracked in the GitHub repository. All Priority 1 issues have been resolved. Most Priority 2 issues have been resolved - ones that are still open have been determined to not be a risk for the Filecoin network or miner experience. Further details on these and all other issues raised available in the report.

Proofs
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.proofs

2020-10-20 Filecoin Bellman and BLS Signatures
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-10-20-filecoin-bellman-and-bls-signatures

This audit covers the core cryptographic primitives used by the Filecoin Proving subsystem, including BLS signatures, cryptographic arithmetic, pairings, and zk-SNARK operations. The scope of the audit included several repositories (most code is written in rust) - bls-signatures, Filecoin’s bellman, ff, group, paired, and rush-sha2ni.The audit uncovered 1 medium severity issue which has been fixed, and a few other low severity/informational issues (the details of all issues raised and their status at time of publishing are available in the report).

2020-07-28 Filecoin Proving Subsystem
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-07-28-filecoin-proving-subsystem

This audit covers the full Proving subsystem, including rust-fil-proofs and filecoin-ffi, through which Proof of Space-Time (PoSt), Proof of Retrievability (PoR), and Proof of Replication (PoRep) are implemented. The audit process included using fuzzing to identify potential vulnerabilities in the subsystem, each of which was resolved (the details of all issues raised and their resolutions are available in the report).

2020-07-28 zk-SNARK proofs
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-07-28-zk-snark-proofs

This audit covers the core logic and implementation of the zk-SNARK tree-based proofs-of-replication (including the fork of bellman), as well as the SNARK circuits creation. All issues raised by the audit were resolved.

GossipSub
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.gossipsub

2020-06-03 GossipSub Design and Implementation
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-06-03-gossipsub-design-and-implementation

This audit focused specifically on GossipSub, a pubsub protocol built on libp2p, version 1.1, which includes a peer scoring layer to mitigate certain types of attacks that could compromise a network. The audit covered the spec, go-libp2p-pubsub and gossipsub-hardening. The report found 4 issues, primarily in the Peer Scoring that was introduced in v1.1, and includes additional suggestions. All the issues raised in the report have been resolved, and additional details are available in the report linked above.

2020-04-18 GossipSub Evaluation
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-04-18-gossipsub-evaluation

This evaluation focused on demonstrating that GossipSub is resilient against a range of attacks, capable of recovering the mesh, and can meet the message delivery requirements for Filecoin. Attacks used in testing include the Sybil, Eclipse, Degredation, Censorship, Attack at Dawn, “Cover Flash”, and “Cold Boot” attacks. The spec for v1.1, v1.0 and the reference implementation were in scope for this audit.

Drand
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.drand

2020-08-09 drand reference implementation Security Audit
  • State reliable
  • Theory Audit n/a
  • Edit this section
  • section-appendix.audit_reports.2020-08-09-drand-reference-implementation-security-audit

This report covers the end-to-end audit carried out on drand, including the implementations found in drand/drand, drand/bls12-381 and drand/kyber. The audit assessed drand’s ability to securely provide a distributed, continuous source of entropy / randomness for Filecoin, and included using fuzzing to find potential leaks, errors, or other panics. A handful of issues were found, 14 of which were marked as issues ranging from low to high risk, all of which have been resolved (the details of all issues raised and their resolutions are available in the report).