From 21d526c0310ff83b25934a5776d409069bd88733 Mon Sep 17 00:00:00 2001 From: parthshah1 Date: Fri, 17 Mar 2023 15:04:27 -0700 Subject: [PATCH 1/3] Added summary and report of FEVM audit report from Oak Security --- content/appendix/audit_reports.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md index 32da7c394..e42ef6d86 100644 --- a/content/appendix/audit_reports.md +++ b/content/appendix/audit_reports.md 
@@ -10,6 +10,17 @@ dashboardAudit: n/a Security is a critical component in ensuring Filecoin can fulfill its mission to be the storage network for humanity. In addition to robust secure development processes, trainings, theory audits, and investing in external security research, the Filecoin project has engaged reputable third party auditing specialists to ensure that the theory behind the protocol and its implementation delivers the intended value, enabling Filecoin to be a safe and secure network. This section covers a selection of audit reports that have been published on Filecoin's theory and implementation. +## Filecoin Virtual Machine + +### `2023-03-09` Filecoin EVM (FEVM) + +- Report: [Filecoin EVM Audit](https://github.com/oak-security/audit-reports/blob/master/Filecoin%20Foundation/2023-03-09%20Audit%20Report%20-%20Filecoin%20EVM%20(FEVM)%20v1.1.pdf) +- Audit conducted by **Oak Security** + +The audit covers the implementation of: + +- FEVM's [builtin actors](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) out of which only [actors/evm](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) and [actors/eam](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/eam) were included in scope along with code base of [ref-fvm](https://github.com/filecoin-project/ref-fvm). The report included auditing EVM runtime action and implementation, correctness of EVM opcodes, including Ethereum Address Manager(EAM). The report also included issues and enchanements methods for gas model and F4 addresses. The audit team also reviewed the message execution flow and kernel setup, WASM integration and FVM logs. All the valid issues raised by the audit were resolved and acknowledged including few informational issues. More details on these issues are available in the report. 
+ ## Lotus ### `2020-10-20` Lotus Mainnet Ready Security Audit From 244f6bfbbd63d8c5ac056135bc4fb910e04cba9e Mon Sep 17 00:00:00 2001 From: smagdali Date: Fri, 14 Jul 2023 14:59:58 +0200 Subject: [PATCH 2/3] Update audit_reports.md fixed a couple of typoes --- content/appendix/audit_reports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md index 8afeba1a7..ee6bc58af 100644 --- a/content/appendix/audit_reports.md +++ b/content/appendix/audit_reports.md 
@@ -19,7 +19,7 @@ Security is a critical component in ensuring Filecoin can fulfill its mission to The audit covers the implementation of: -- FEVM's [builtin actors](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) out of which only [actors/evm](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) and [actors/eam](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/eam) were included in scope along with code base of [ref-fvm](https://github.com/filecoin-project/ref-fvm). The report included auditing EVM runtime action and implementation, correctness of EVM opcodes, including Ethereum Address Manager(EAM). The report also included issues and enchanements methods for gas model and F4 addresses. The audit team also reviewed the message execution flow and kernel setup, WASM integration and FVM logs. All the valid issues raised by the audit were resolved and acknowledged including few informational issues. More details on these issues are available in the report. +- FEVM's [builtin actors](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) out of which only [actors/evm](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) and [actors/eam](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/eam) were included in scope along with code base of [ref-fvm](https://github.com/filecoin-project/ref-fvm). The report included auditing EVM runtime action and implementation, correctness of EVM opcodes, including Ethereum Address Manager(EAM). The report also included issues and enhancements methods for gas model and F4 addresses. The audit team also reviewed the message execution flow and kernel setup, WASM integration and FVM logs. 
All the valid issues raised by the audit were resolved and acknowledged including a few informational issues. More details on these issues are available in the report. ## Lotus From b3d6ddf423cf10274a8fbcf0de8ac154a49a31b9 Mon Sep 17 00:00:00 2001 From: Ian Davis Date: Fri, 14 Jul 2023 18:24:13 -0700 Subject: [PATCH 3/3] prettier --write --- content/appendix/audit_reports.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md index ee6bc58af..c03051c9e 100644 --- a/content/appendix/audit_reports.md +++ b/content/appendix/audit_reports.md 
@@ -14,12 +14,12 @@ Security is a critical component in ensuring Filecoin can fulfill its mission to ### `2023-03-09` Filecoin EVM (FEVM) -- Report: [Filecoin EVM Audit](https://github.com/oak-security/audit-reports/blob/master/Filecoin%20Foundation/2023-03-09%20Audit%20Report%20-%20Filecoin%20EVM%20(FEVM)%20v1.1.pdf) +- Report: [Filecoin EVM Audit]() - Audit conducted by **Oak Security** The audit covers the implementation of: -- FEVM's [builtin actors](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) out of which only [actors/evm](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) and [actors/eam](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/eam) were included in scope along with code base of [ref-fvm](https://github.com/filecoin-project/ref-fvm). The report included auditing EVM runtime action and implementation, correctness of EVM opcodes, including Ethereum Address Manager(EAM). The report also included issues and enhancements methods for gas model and F4 addresses. The audit team also reviewed the message execution flow and kernel setup, WASM integration and FVM logs. All the valid issues raised by the audit were resolved and acknowledged including a few informational issues. More details on these issues are available in the report. +- FEVM's [builtin actors](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) out of which only [actors/evm](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/evm) and [actors/eam](https://github.com/filecoin-project/builtin-actors/tree/1b11df4b399550753a4105f45f58bc07015af2a3/actors/eam) were included in scope along with code base of [ref-fvm](https://github.com/filecoin-project/ref-fvm). 
The report included auditing EVM runtime action and implementation, correctness of EVM opcodes, including Ethereum Address Manager(EAM). The report also included issues and enhancements methods for gas model and F4 addresses. The audit team also reviewed the message execution flow and kernel setup, WASM integration and FVM logs. All the valid issues raised by the audit were resolved and acknowledged including a few informational issues. More details on these issues are available in the report. ## Lotus
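Review bot: In [PATCH 1/3], the added scope bullet links "builtin actors" to the same `.../actors/evm` tree URL as the `actors/evm` link that follows it, so the first link does not lead to the actor set it names; point it at the `actors` directory of that commit instead. The `ref-fvm` link in the same bullet goes to the repository root, while the builtin-actors links are pinned to commit 1b11df4b399550753a4105f45f58bc07015af2a3, so a reader cannot tell which ref-fvm revision was in scope; pin it to the audited revision if the report states one. The narrative sentences that follow the scope statement would also read better as a paragraph below the list than inside the single bullet.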
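Review bot: In [PATCH 2/3], the corrected sentence still reads "issues and enhancements methods for gas model and F4 addresses", which remains ungrammatical after the spelling fix; something like "issues and enhancement methods for the gas model and F4 addresses" would finish the job. "Ethereum Address Manager(EAM)" on the same line is still missing the space before the parenthesis.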
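Review bot: In [PATCH 3/3], the `- Report:` line changes from the full Oak Security PDF URL to `[Filecoin EVM Audit]()`, so a commit described as `prettier --write` removes the only link to the audit report. Restore the URL from the removed line; percent-encoding the parentheses around FEVM as `%28` and `%29` keeps the link destination unambiguous for Markdown tooling.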