Internal audit of o1js

Open garwalsh opened this issue 1 year ago • 3 comments

Prior to the upcoming Mina protocol major upgrade, the o1Labs SDK team will audit the o1js codebase to identify any outstanding vulnerabilities.

The deliverables for this issue will be:

  • [x] A high-level report noting the scope of the audit, any vulnerabilities discovered, and links to the work to address them
  • [x] An addition to o1js docs containing guidelines on "how to write a secure zkApp" and "how to audit your zkApp" (may end up being the same document). These docs should be described as issues on the docs repo as output of this task
  • [ ] Check examples https://github.com/o1-labs/o1js/tree/main/src/examples and tutorial code, code snippets for vulnerabilities
  • [x] An addition to o1js docs noting the result of the audit with a warning that all zkApps should be audited by their developers before being deployed to mainnet
    "Developers, get your zkApps audited. And if you are touching parts of o1js that have not yet been audited, reach out to o1"

TBC

  • [ ] Audits of a small number of existing zkApps currently deployed to Berkeley

garwalsh, Feb 08 '24 22:02

Draft PR for how to write a secure zkApp: https://github.com/o1-labs/docs2/pull/921

mitschabaude, May 02 '24 19:05

PR which covers the docs additions is up for review: https://github.com/o1-labs/docs2/pull/921

mitschabaude, May 09 '24 13:05