Updated: 2026-04-17
Mainnet Gate: BLOCKED until all required scopes below are Completed with signed reports.
| ID | Auditor | Scope | Signed Ref | Signed On | Status | Report |
|---|---|---|---|---|---|---|
| AUD-2026-001 | Redacted External Auditor (under NDA) | /contracts/ethereum | SOW-ETH-2026-02-14-A | 2026-02-14 | In progress | audits/reports/2026-02-14-preaudit-baseline.md |
| AUD-2026-002 | Redacted External Auditor (under NDA) | Consensus + vote extensions | SOW-CONS-2026-02-14-B | 2026-02-14 | In progress | audits/reports/2026-02-14-preaudit-baseline.md |
| INT-2026-001 | Internal Security Review | Full protocol (Go, Solidity, Rust) | N/A | 2026-02-22 | Completed | 27 findings, all remediated and verified |
| INT-2026-002 | Internal Full Audit v2 | Full protocol -- 36 findings | N/A | 2026-02-23 | Completed | 36 findings, all verified and CLOSED (2026-03-30) |
| CON-2026-001 | External Consultant | VRF + protocol review | N/A | 2026-02-28 | Completed | RS-01 (Critical) verified and CLOSED (2026-03-30) |
| MR-2026-001 | Multi-Repo Strict Snapshot | 9 public repos -- governance/process | N/A | 2026-02-24 | Partially Remediated | 10 findings: 7 partially remediated, 4 remediated locally (pending push) |
| Severity | Open | In Progress | Closed | Accepted Risk |
|---|---|---|---|---|
| Critical | 0 | 0 | 3 | 0 |
| High | 0 | 0 | 5 | 0 |
| Medium | 0 | 0 | 8 | 0 |
| Low | 0 | 0 | 7 | 0 |
| Informational | 0 | 0 | 6 | 0 |
| Severity | Open | In Progress | Closed | Accepted Risk |
|---|---|---|---|---|
| Critical | 0 | 0 | 1 | 0 |
- Title: Non-constant-time hash-to-curve in VRF implementation
- File: crates/consensus/src/vrf.rs (lines 457-496)
- Fix: Replaced try-and-increment with RFC 9380 Simplified SWU via k256::hash2curve
- Status: Fixed (2026-02-28)
- Threat model: Completed (docs/security/threat-model.md)
- Formal verification plan: Created (docs/security/FORMAL_VERIFICATION.md)
- Fuzzing infrastructure: Documented (docs/security/FUZZING.md)
- Monitoring & alerting: Documented (docs/security/MONITORING.md)
- Security runbooks & upgrade procedures: Created (docs/security/SECURITY_RUNBOOKS.md)
- Code quality standards: Documented (docs/security/CODE_QUALITY.md)
- Decentralization roadmap: Created (docs/security/DECENTRALIZATION_ROADMAP.md)
The following simulated/placeholder crypto implementations were replaced with production-grade libraries during the pre-audit hardening pass:
| Component | File | Before | After |
|---|---|---|---|
| Kyber Core (keygen/encaps/decaps) | crates/core/src/crypto/kyber.rs | SHAKE-256 simulation | pqcrypto-kyber (kyber512/768/1024) |
| Kyber Transport (P2P) | crates/core/src/transport/kyber_libp2p.rs | DefaultHasher (SipHash) | pqcrypto-kyber + hkdf HKDF-SHA256 |
| ECDSA Recover (VM) | crates/vm/src/precompiles/crypto.rs | Returned hash[0..20] | k256::ecdsa secp256k1 recovery |
| Dilithium Verify (VM) | crates/vm/src/precompiles/crypto.rs | Always returned true | pqcrypto-dilithium verify_detached |
| Kyber Decaps (VM) | crates/vm/src/precompiles/crypto.rs | SHA-256(input) | pqcrypto-kyber decapsulate |
| Hybrid Verify (VM) | crates/vm/src/precompiles/crypto.rs | Always returned true | Real ECDSA + Dilithium verify chain |
| Python Dilithium | sdk/python/.../dilithium.py | SHAKE-256 simulation | liboqs oqs.Signature (+ fallback) |
| Python Kyber | sdk/python/.../kyber.py | SHAKE-256 simulation | liboqs oqs.KeyEncapsulation (+ fallback) |
| Python ECDSA (Wallet) | sdk/python/.../wallet.py | SHAKE-256 simulation | ecdsa library (secp256k1, RFC 6979) |
| Python Address | sdk/python/.../wallet.py | Hex encoding | Bech32 encoding (aethel1...) |
| Python Key Export | sdk/python/.../wallet.py | No encryption | Fernet AES-256 + PBKDF2 (480k iters) |
| Verify Keeper Tests | x/verify/keeper/keeper_test.go | No tests | 20+ unit tests (all pass) |
Updated: 2026-03-02
| Gate | Description | Status | Evidence |
|---|---|---|---|
| G1 | Audit signoff | PASS | All findings closed (see tables above); external audits AUD-2026-001/002 in progress |
| G2 | CI branch-protection gates | PASS | Core Required Gate, Security Required Gate, E2E Required Gate, Contracts Required Gate, Rust Required Gate, Load Test Required Gate all enforced |
| G3 | Dependency integrity (Go vendoring) | PASS | GOFLAGS=-mod=mod in CI; go.sum integrity-checked; no replace directives |
| G4 | Dependency integrity (Rust) | PASS | All [[bench]] targets have matching source files; cargo audit clean |
| G5 | SAST / security scanning | PASS | .github/workflows/security-scans.yml: gosec, trivy, gitleaks, slither, govulncheck, cargo-audit, npm audit |
| G6 | Formal verification / fuzzing | PASS | .github/workflows/fuzzing-ci.yml: Go native fuzzing + Rust cargo-fuzz (4 PQC targets) |
| G7 | Fail-closed production config | PASS | AllowSimulated=false default in genesis; compile-time assertion via -tags production; runtime override in readiness.go; production genesis at integrations/deploy/config/genesis/genesis-mainnet.json |
| G8 | HSM / key-management preflight | PASS | crypto/hsm/preflight.go: pre-start validation (connectivity, test-sign, key label, PKCS#11); cmd/aethelredd/hsm_preflight.go CLI gate |
| G9 | Production-like E2E topology | PASS | e2e-docker-smoke CI job (Docker Compose real-node profile + verifiers + smoke tests); TestEndToEnd_RealNodeDockerSmokeGate |
| G10 | Exploit simulation determinism | PASS | Seed-based deterministic RNG via AETHELRED_SCENARIO_SEED env var; math/rand.New(rand.NewSource(seed)) per scenario |
| G11 | Ops readiness docs | PASS | Security runbooks, monitoring, threat model, formal verification plan all documented |
| G12 | Docs hygiene (no host-local path leakage) | PASS | All /Users/... absolute paths replaced with relative paths; .github/workflows/docs-hygiene.yml enforces |
- G5 SAST: security-scans.yml runs on every PR and push to main/develop/release branches. Required gate blocks merge on failure.
- G6 Fuzzing: fuzzing-ci.yml runs Go go test -fuzz (4 fuzz targets in app/vote_extension_fuzz_test.go) and Rust cargo-fuzz (4 PQC fuzz targets in crates/core/fuzz/).
- G7 Production config: Three-layer enforcement: (1) DefaultParams().AllowSimulated = false in genesis types, (2) compile-time -tags production assertion in app/allow_simulated_prod.go, (3) runtime override in app/readiness.go.
- G8 HSM preflight: aethelredd hsm-preflight performs: HSM connectivity test, PKCS#11 session validation, test-sign operation, key label verification, failover readiness check.
- G10 Determinism: Set AETHELRED_SCENARIO_SEED=<int64> for reproducible partition/eclipse simulations. Each scenario runner creates a dedicated math/rand.Rand from the seed.
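As an added illustration of the G10 pattern (example code, not the project's own scenario runner): the seed is read from AETHELRED_SCENARIO_SEED, a missing or malformed value fails closed instead of falling back to an unseeded run, and each scenario gets its own math/rand.Rand derived from the seed so the same seed reproduces the same partition choice. The helper names, the scenario names and the validator list are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"math/rand"
	"os"
	"strconv"
)

// Environment variable named on the page; the helper names below are assumptions.
const seedEnv = "AETHELRED_SCENARIO_SEED"

// parseSeed fails closed: a missing or malformed seed is an error, never a
// silent fallback to a time-based seed that would make the run unreproducible.
func parseSeed(raw string) (int64, error) {
	if raw == "" {
		return 0, fmt.Errorf("%s is not set", seedEnv)
	}
	seed, err := strconv.ParseInt(raw, 10, 64)
	if err != nil {
		return 0, fmt.Errorf("%s: %w", seedEnv, err)
	}
	return seed, nil
}

// scenarioRNG gives each scenario runner its own math/rand.Rand, seeded from the
// global seed and the scenario name so runners never share one stream.
func scenarioRNG(seed int64, scenario string) *rand.Rand {
	h := fnv.New64a()
	h.Write([]byte(scenario))
	return rand.New(rand.NewSource(seed ^ int64(h.Sum64())))
}

// partition picks the n validators to isolate; the choice depends only on r.
func partition(r *rand.Rand, validators []string, n int) []string {
	order := append([]string(nil), validators...)
	r.Shuffle(len(order), func(i, j int) { order[i], order[j] = order[j], order[i] })
	return order[:n]
}

func main() {
	seed, err := parseSeed(os.Getenv(seedEnv))
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to run:", err)
		os.Exit(1)
	}
	vals := []string{"val-1", "val-2", "val-3", "val-4", "val-5", "val-6"} // constructed
	fmt.Println("partition:", partition(scenarioRNG(seed, "partition"), vals, 3))
}
```

Running it twice with the same AETHELRED_SCENARIO_SEED prints the same isolated set, which is the property a reviewer checks when reproducing a scenario from a report.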
The current external review window includes additional hardening on top of the March 30 verified baseline.
| Branch / PR | Scope | Current Head | Status | Evidence |
|---|---|---|---|---|
| ramesh/broad-review-cleanup-20260416 / #139 | Repo review-surface cleanup for TypeScript SDK and VSCode tooling | Branch head in PR | In Review | PR checks + local npm run typecheck, npm run compile, npm run lint, npm test |
| ramesh/protocol-hardening-sweep-20260416 / #141 | Bridge relayer persistence and authority, burn nonce extraction, fail-closed zk proof and TEE/VM verification, authenticated simulated keeper attestations, deterministic simulated EZKL verification, deterministic simulated keeper zk proof binding, secure-by-default TEE precompile registry wiring, seal verifier fail-closed defaults, stateful seal revocation approval/execution, removal of the ordinary privileged seal-revocation bypass, narrowed raw keeper revoke entrypoints, quorumed emergency seal revocation, explicit authority enforcement on governance-only vault keeper methods, authority-gated non-overwritable relay liveness challenges with audit logging, loopback-by-default admin consensus-audit endpoint enforcement with explicit bearer-token authorization for remote exposure, truthful simulated/degraded health reporting with 503 reserved for genuinely unhealthy runtime posture, redacted public health diagnostics with detailed output gated to loopback or explicit token authorization, loopback-by-default metrics endpoint enforcement with explicit bearer-token authorization for remote scraping, forwarded proxy traffic no longer inheriting unauthenticated loopback trust on admin, metrics, or detailed health routes, fail-closed remote TEE endpoint validation across startup and health probing, fail-closed readiness endpoint probing for configured verifier targets, fail-closed EZKL remote prover/verifier endpoint validation, fail-closed DCAP collateral and CRL endpoint validation, fail-closed mirrored worker Nitro remote endpoint validation, fail-closed drand relay endpoint validation with bounded local fallback decoding, fail-closed TEE worker backend proxy endpoint validation, fail-closed lightweight attestation collateral backends, fail-closed Nitro parser placeholder path, fail-closed ARM parser and signature placeholder paths, fail-closed shared endpoint literal-IP bypasses, loopback-or-bearer TEE worker API enforcement with token-aware remote client requests, fail-closed SGX TCB placeholder evaluation, Nitro remote client bearer-token alignment, fail-closed TEE startup gating for real remote verifier modes, explicit simulated Nitro client identity with schema-consistent quote/proof artifacts, fail-closed Nitro payload confidentiality handling, fail-closed seal signature verification semantics, fail-closed seal export provenance semantics, honest PQC backend availability gating, fail-closed enhanced seal signature semantics, fail-closed seal import provenance semantics, aligned simulated TEE platform taxonomy across app and PoUW validation, ABCI vote-extension request binding for validator identity and height, runtime enforcement of locked PoUW governance parameters, governance compatibility and compliance alignment with runtime lock policy, auditable trusted-measurement registry mutations with legacy Nitro index reconciliation, bonded-quorum trusted-measurement emergency revocation, aligned security audit and threat-model narratives with the hardened production governance posture, formal threat-model/open-item truth-alignment for live downtime slashing enforcement, cryptographic mempool signature enforcement, fail-closed VM job-registry proof verification, owner-bound sovereign payload encryption and fail-closed sovereign access control, validator slashing economic-penalty enforcement, timelock-safe automation keeper ownership, fail-closed non-local deployment authority resolution, real hybrid secp256k1 + Dilithium signer/verification in the worker runtime, governance bootstrap, Cruzible deployability | Latest branch head in PR | In Review | docs/audits/protocol-hardening-sweep-2026-04-16.md |
These branches are additive hardening tranches and do not reopen any finding that was already marked CLOSED on the March 30 baseline. They exist to reduce residual reviewer risk before the next external audit pass.
- Update this file in every audit-related PR.
- Each closed finding must link to a commit/PR in /audits/remediation/.