Developers Forum for XinFin XDC Network

XDC Protocol Team

[Proposal] Request for Proposal to Audit XDC2.0

TL;DR

This post calls for proposals to audit the forthcoming XDC2.0 consensus upgrade. Deadline: 30/Sep/2023, anywhere on Earth.

Background

XDC2.0 is a significant backward-incompatible upgrade of the XDC network. It will create a hard fork that requires all network participants to comply. This upgrade will change the consensus engine of the XDC network from XDPoS1.0, a delegated proof-of-stake (DPoS) plus longest-chain mechanism, to XDPoS2.0, a DPoS mechanism with optimal Byzantine fault tolerance (BFT) based on the chained HotStuff algorithm.

The upgrade is led by Professor Pramod Viswanath from Princeton University and his protocol engineering team. This upgrade will raise the security level of the XDC network against malicious masternodes without compromising the network’s high performance (e.g., high transaction throughput) or its applications (e.g., all EVM-compatible smart-contract-based applications). It will also broaden the adoption of the XDC network through the new features it brings in, such as forensics and enterprise private subnets.

The upgrade has been deployed on the XDC devnet since June 2023 and has worked properly without any issues for 2 months – until the protocol team shut it down and redeployed it to incorporate recent upgrades from the community.

Before applying XDC2.0 to the XDC mainnet, at least two requirements should be met:

  1. The upgrade is deployed to the XDC Apothem testnet and works without issues for at least three months.
  2. The upgrade passes the audit from at least one highly professional and reputable audit team.

The results of the deployment and audit will be published for the community to make the final decision.

Scope of the Audit

  • Object: all the code developed between V1.1.0 and V1.4.8 under the XDPoSChain repo
  • Goal: to provide, after necessary iterations of code modifications, an assessment of whether XDC2.0 is suitable to be deployed to the XDC mainnet. Here, by “suitable”, we mean:

    • The implementation of the algorithm meets the desired BFT security (including safety and liveness) properties.
    • The code is high-quality and robust, with all edge cases covered, so it will not cause network failures or enable security-threatening attacks.
  • Support from the protocol team:

    • Provide all related code and documentation
    • Guide deployment and testing
    • Answer technical questions and participate in technical discussions
    • Evaluate code revision suggestions and implement the changes

Requirements

The successful audit team should:

  • be highly reputable in the industry
  • have deep expertise in auditing consensus protocols with a provable track record
  • submit a comprehensive proposal with:
    • clearly defined scope of work
    • clearly explained methodology
    • a good estimate of the workforce the team will bring in
    • a good estimate of the timeline, or a convincing justification if an estimate cannot be given
    • a comprehensive fee scheme

How to Submit

Please submit your proposal by either replying to this post with your proposal in text, or, if your proposal is a file, replying to this post with a link to your file.
Deadline: 31/Sep/2023, anywhere in the earth.

Discussion (12)

Brandi Fang

Dear XDC Team,

I am pleased to inform you that Beosin has recently updated our proposal to align with the expanded scope of the XDC2.0 security audit. You can access the detailed proposal via the following link.
drive.google.com/file/d/1nlOtfuvlQ...

Beosin stands as a distinguished global leader in blockchain security, co-founded by esteemed professors hailing from world-renowned universities. Our exceptional team comprises over 100 security experts, including 40+ individuals holding PhDs and postdoctoral qualifications.

We have been engaged in discussions with the XDC team since May this year, diligently planning and strategizing for the security audit. We are thrilled about the prospect of contributing to the enhanced security of XDC 2.0.

For any further inquiries or clarifications, please don't hesitate to contact me directly at brandifang@beosin.com or reach out via the Telegram handle @BrandiFANG.

Best Regards,
Beosin

Daniel DeFiMoon

The Defimoon security expert team is pleased to offer a professional and comprehensive audit of the XDC2.0 consensus mechanisms.

Our team of cybersecurity experts, blockchain developers, and auditors has extensive experience in researching, analyzing and designing blockchain network consensus protocols and decentralized applications. As a result, we are well-positioned to help ensure the security, compliance and performance of XDC2.0.

By engaging in a systematic, structured audit process that covers risk assessment, code review, compliance, performance evaluation, security assessment, testing, and reporting, we aim to provide XDC with the necessary insights, guidance, and recommendations to maximize the security, performance and compliance of your consensus mechanism.

As cybersecurity and blockchain experts, Defimoon is committed to helping you ensure a robust, dependable, and efficient consensus mechanism that strengthens the foundation of your blockchain network.

Scope of work
Defimoon will focus on auditing the consensus of all modules in the XDPoSChain repository.

Methodology

  1. Risk Assessment:
    Identify potential risks, analyze their likelihood and impact, and develop risk mitigation strategies.

  2. Code Review:
    Examine the source code for vulnerabilities, flaws, and optimization opportunities, utilizing manual and automated analysis while assessing dependencies and suggesting security-focused code improvements.

  3. Compliance Review:
    Evaluate alignment with relevant industry standards, best practices, compliance processes, and backup and recovery mechanisms.

  4. Performance Evaluation:
    Analyze transaction throughput, latency, and resource usage to identify bottlenecks and optimization areas.

  5. Security Assessment:
    Review encryption, authentication, access control, network security, and incident response to identify potential vulnerabilities and suggest improvements.

  6. Testing:
    Conduct functional, performance, security, edge case, and stress tests to assess the consensus mechanism's resilience and robustness in various scenarios.

  7. Reporting:
    Present a comprehensive report containing detailed findings, recommendations, risk assessment summary, test results, and supporting documentation for the XDPoSChain consensus mechanism audit.

Workforce
We recognize the importance of XDC2.0 and the seriousness of the consensus mechanism update, therefore we are allocating 5 experts for the project audit: 1 Blockchain Consensus advisor (Professor in Mathematics & Computer Science), 2 Senior Solidity Devs, and 2 CyberSecurity Specialists.

Timeline
Considering the importance of auditing the consensus, as it is the foundation of any blockchain's operation, we plan to conduct an audit of XDC2.0 over 4-6 weeks. If time is a priority for the XDC team, we are happy to accommodate your requirements and reduce the audit duration to 3 weeks. However, based on our experience, auditing the consensus often requires additional time for more detailed further testing.

Fee scheme
This task will take approximately 400 hours of work from our specialists: senior solidity devs, senior cybersecurity team, and a professor in mathematics. Given the qualifications and size of the team we are dedicating to XDC2.0, the cost of auditing the consensus will be $55,000.

This amount can be divided, for instance, into 4 iterations and paid after each week of our audit process. I suggest the following payment scheme:
15% upfront after signing the contract, followed by weekly payments of $11,690, in accordance with the progress we will be making.

Daniel DeFiMoon

The company has been operating since 2020 and has taken a leading position in auditing the cybersecurity of DeFi protocols.
Defimoon's expertise is growing due to constant practice in developing successful DeFi projects on leading ecosystems: Algem.io ($12m in TVL) on Astar Network, HaqqPad on Haqq Network, and KYC Systems on Moonbeam.

Our cybersecurity services are trusted by industry leaders with tens of millions $ in TVL, including Inverse.finance, ComTechGold, XDCS, BitMart Exchange, Metavault, Dexfinance, and Spherium.

Daniel DeFiMoon

There are two crucial points I'd like to communicate to the XDC team:

  1. We would like to offer audit insurance coverage up to $500,000. Defimoon partners with a leader in crypto project insurance, and we're ready to provide you with flexible terms for this service.

  2. Security Subscription. This is an effective model we've employed with Inverse Finance – throughout the subscription period, XDC can send us multiple repositories and smart contracts one by one, and we will conduct audits without additional charges. You pay once and get unlimited audits.

Regarding our offer on the xdc dev website, I want to reiterate that our team genuinely operates at the highest level of quality. Defimoon is more flexible; our team is available to answer your questions and engage in regular calls with the XDC team; we have enough expertise on board to perform a high-quality audit of an entire blockchain.

Fletcher Roberts

Hi XDC Team,

I hope this process is coming along well. Exciting stuff.

We have updated our proposal lower in this post, to be even more competitive in the quality and due diligence we will bring, to emphasise that we have the recent experience and in-house skills to provide the best service.

Chat soon,

Fletcher Roberts; fletcher@hashlock.com.au

Brandi Fang

We are pleased to submit this audit proposal for your consideration. Our team at Beosin has extensive experience in conducting comprehensive audits, and we are confident in our ability to meet your auditing needs. The proposal outlines the scope of work, methodology, estimated resources, timeline, and fee structure for the audit project.

Scope of Work:
Our audit scope covers all modules of the XDC2.0 network, as this is our standard process for auditing blockchain networks. However, based on your requirements, we will adjust the focus of the audit to the consensus module of the XDC2.0 network. Therefore, while we will still deploy and test the entire network, the majority of our time will be dedicated to auditing the consensus module of the XDC2.0 network, especially the modification part.

Audit Methodology:
For the XDC2.0 network, with the consensus module being the core component, our focus will primarily be on the methods used by the consensus module. These methods include:
Consensus algorithm security analysis: Analyzing the principles, assumptions, and key steps of the consensus algorithm, and evaluating potential vulnerabilities, attack vectors, and risks.
Source code analysis of the consensus module: Reviewing the source code of the consensus module to identify potential vulnerabilities, errors, and insecure coding practices. We will assess code quality, security, and readability, and provide improvement recommendations to ensure the security and reliability of the consensus module.
Network parameter configuration checks and testing: Verifying the parameter configuration of the consensus module to ensure compliance with best practices and security recommendations.
Consensus algorithm fault tolerance testing: Evaluating the parameter configuration of the consensus module to ensure compliance with best practices and security recommendations. We will assess aspects such as parameter selection, key management, and random number generation in the consensus algorithm, and provide improvement recommendations to enhance the security and performance of the consensus module.
Node performance testing: Assessing the performance and scalability of the consensus module to determine its performance under large-scale transactions and network loads. We will analyze metrics such as throughput, latency, and network bandwidth requirements of the consensus algorithm, and evaluate its reliability and efficiency in different scenarios.

Estimated Resources:
Based on the initial assessment by our team leader, we will assign a dedicated team of four professionals to conduct the audit of the XDC2.0 network. These four individuals will be divided into two groups: a functional testing group and a security analysis group. The functional testing group will focus on testing the normal functionality of the XDC2.0 network (including simulating various scenarios), while the security analysis group will primarily seek potential security vulnerabilities in the XDPoS2.0 code and perform corresponding testing and validation.

Timeline:
We anticipate completing the audit process within 15 days. This timeline includes 1-2 days for setting up the network environment and understanding the overall framework and design principles of XDC. 2-3 days will be allocated for basic functional testing, including node operations, wallet, RPC interfaces, and transaction processing. 8-9 days will be dedicated to testing the code implementation and actual performance of XDPoS2.0, including relevant simulated attack tests. The remaining 2-4 days will be used for addressing any audit-related issues and delivering the audit report. Please note that this timeline is preliminary, and during the actual audit, we will provide regular progress updates to keep you informed throughout the audit process.

Fee Scheme:
22,500 USDT / 15 Business days

Thank you for considering our proposal!

Konstantin Andriotis

HEXENS is a leading cybersecurity solutions provider in Web3. Our specialization is in securing novel technologies and brave builders' solutions, including but not limited to zk solutions, L1/L2s, liquid staking protocols, and more.
Hexens has been operating since 2021 and is now working closely with the biggest and most prominent brands across the world, securing assets worth $55 BLN among blockchain projects, financial institutions, web applications, and government organizations. Trusted by Polygon, 1inch, Celo, Lido, EigenLayer, TON, Nubank, API3, and many others.
hexens.io

Previous audits
Besides confidential audit reports of consensus algorithms and L1/L2s, we recently conducted a security assessment of the Bahamut blockchain (github.com/Hexens/Smart-Contract-R...) that unveiled multiple vulnerabilities in the consensus algorithm implementation. More audit reports can be found at hexens.io/audits or on the GitHub repository above. Please pay attention to the keenness of the issue descriptions and the detailed explanations of possible attack vectors.

The team
Hexens' engineering team consists of multiple CTF winners, PhDs in Computer Science and Math, world bug bounty-hunting leaders, and computer science researchers across the world. The unique approach to hiring security talents enabled us to find critical vulnerabilities in 90% of initial audits performed in the last 2 years.

Methodology and approach
We believe that the key to cybersecurity is mitigating risks. Despite the fact that we value the skills of and trust our teammates, in every audit we engage two different teams consisting of at least 4 security engineers (with 2 Senior Researchers in each of them) simultaneously reviewing the code, because the most vulnerable point of security services, in our opinion, is the human factor.
This approach is a reason why none of our clients has faced security incidents, stability issues, or unsmooth operations since 2021.

During an audit, we comprehensively research code logic, math, implementation, and any interconnected parts. Primarily, this work is based on manual code review, sometimes using different tools, from a code behavior simulation in a test environment to in-depth math modeling and calculation.

Estimations
We estimate the scope of the XDPoSChain repo at 8 auditing weeks, including all the functional parts of the chain and native smart contracts. As long as Hexens does sign its name under the project security, we highly recommend full audit coverage of the executable parts to provide the best results for both performance and security.

The cost of $170,000 is divided into two parts:

  • Retainer of 50%, $85,000, to be paid before the audit starts.
  • Fee of 50%, $85,000, to be paid after the delivery of the final report. Payments are acceptable both in fiat and stablecoins.

Each week we run a call between the security and development teams, sharing findings "on the fly" and available for any raised questions.
For additional information and to book a presentation, reach out to us via info@hexens.io.

Nir D

Hi XDC2 Dev Team!

Hope we are not late to the party! We are Sayfer, and we audit blockchains.
For the past week we did an extensive review of all of your documents and here is our detailed proposal:

sayfer.io/audit-proposals/XDC2.0

If you have any questions, shoot me a telegram message @nir_1337.

Nir,
Sayfer CEO

Patrick MacKay

Good Morning,
Runtime Verification is pleased to submit a proposal for consideration. It can be found here: drive.google.com/file/d/1ruhI477Ca....
A copy of the text is below.

Proposal for XDC
Submitted by Runtime Verification
September 18, 2023

Administrative
  • Two verification engineers are staffed to every project. Each engineer is assigned 100% to the engagement. One engineer serves as engagement lead and is the primary liaison with the customer. Additional resources can be added if deemed necessary to do so.
  • All engagements begin with a project kickoff.
  • All findings are reported in real time via a communication channel agreed upon by both parties (Slack or Discord).
  • A formal report will be drafted and delivered to the customer at the end of the engagement.
  • Reports for previous customers can be found here: github.com/runtimeverification/pub...
  • Code changes made because of submitted findings and recommendations will be reviewed at the end of the engagement. Changes to the code base will be noted in the final report, but original findings will not be removed.

  • Time Estimate: A code base of this size requires an engagement of 10 weeks.
  • Cost Estimate: The estimated cost is $150,000.

Notes:
  • RV expects to receive project materials that it can review prior to the audit engagement.
  • RV expects the customer will be available before and during the audit for consultation. This includes discussion on the selected communication channel as well as weekly meetings to review submitted findings and assess engagement progress.
  • Given the size and complexity of the code base, Runtime Verification's standard full audit is infeasible. The standard full audit includes two fundamental components:
    (1) Design Modeling & Business Logic Review and
    (2) Code Review.
  • This audit, on the other hand, will include a thorough code review prioritized to focus on the areas of the code base deemed to be mission critical and/or subject to edge cases. As mentioned above, prioritization will require continued participation from the customer team.
  • This audit will start with a design and property extraction phase, where engineers work closely with the client and study the code to build a system-level exact understanding of the protocol and document it as needed.
  • Thereafter the system will be examined for flaws, important edge cases, uncertainties, limitations and anything else that is relevant for understanding the exact intended high-level behavior, and for locating protocol-level bugs or weaknesses.
  • Finally, the documentation of the two previous phases will act as the foundation for the code deep dive, in which common bugs (rounding errors, incorrect reads or writes, etc.) are detected, but the code is also tested for the correct handling of edge cases according to the specification. Any discrepancies will be classified as bugs, or will be used to correct the specification, feeding back into further checks for protocol-level bugs.
  • The phases mostly proceed linearly, but findings in later phases can lead to some feedback loops, meaning that the phases are repeated. This is part of the normal flow of the audit and is incorporated into the estimate.

Marshall Weaver

Hey team,

CertiK is happy to submit our proposal below. As the largest cybersecurity firm in web3, we leverage industry leading talent and technology to deliver a full-stack approach to security. We are very excited for the opportunity to help secure the XDC network!

All details, including scope, timeline, pricing, etc., are set out in the proposal: certik.com/proposals/xdc2.0.pdf

Please don’t hesitate to reach out if there are any questions or if you would like to schedule a call for further discussion. Marshall.Weaver@certik.com or @CertiKMarshall on Telegram!

Best,
CertiK

Fletcher Roberts

Proposal for XDC2.0 Consensus Mechanism Audit

By Hashlock: Australian based, Leading Edge Blockchain Cyber Security. hashlock.com.au/

Introduction:

XDC2.0 is embarking on an ambitious journey, and as the industry-leading Blockchain Security Research firm with recent experience in Go language networks, Hashlock is fully equipped and excited to guide you through this pivotal phase. We bring a fresh approach to the audit process with a blend of passion, expertise, and innovation.

Why Choose Hashlock?

Hashlock is Australia's leading independent blockchain cybersecurity and smart contract auditing firm. We are a highly specialized, academic Blockchain Cybersecurity firm coming from manual analysis and community auditing backgrounds, and we differentiate ourselves by the quantity of our findings and by maintaining a high level of collaboration with clients, both in Australia and globally.

We also run trustedweb3.io, a one-stop information hub for all things Blockchain Cybersecurity and a recognition of security-focused industry stakeholders. The NSW Government, Blockchain Australia, RMIT University, and enterprise contributors have joined in on this initiative with Hashlock.

We have the experience!

Hashlock has regularly audited Go language layer one blockchain networks, and has the case studies to prove it. The Redbelly Network redbelly.network/ is a layer one blockchain built in Golang that came from the University of Sydney and CSIRO, and is one of the leading projects in APAC. These types of Go language network audits are more intensive than traditional smart contract audits, and yet we have the proven track record and case studies in this area. Hashlock was the trusted auditor on this project, and is still conducting security work with them in preparation for their launch.

Existing Relationship!

Hashlock has built an existing relationship with the Australian XDC team members and representatives in Australia. Hashlock is also known within the community as a respected academic Blockchain Security Research Firm.

The Hashlock Difference:

Manual Analysis Code Deep-Dive: Instead of just a review, we immerse ourselves in your code, ensuring we grasp its essence while spotting vulnerabilities.

Security Research is our focus. Hashlock is made up of cyber security academics and professionals, who have specialized in blockchain technology for several years.

Risk Landscape: Before diving in, we paint a complete picture of potential risks, ensuring a proactive approach throughout.

Fortress Evaluation: Our holistic security approach spans from encryption protocols to user access, ensuring a 360-degree shield.

Performance Metrics: We don't just find bottlenecks; we provide actionable insights to enhance efficiency.

Resilience Trials: Our tests simulate real-world challenges, preparing your system for any eventuality.

Transparency Redefined: Our reports are clear, actionable, and designed for both technical and non-technical stakeholders.

Dedicated Team:

Understanding the significance of the XDC2.0 project, we've allocated:

1 Lead Security Researcher.
6 Blockchain Security Researchers.

The credentials of our lead security researcher are as follows;

  • Bachelors in CompSci
  • OSCP (Offensive Security Certified Professional)
  • Trained with SANS to earn his GBFA (GIAC Battlefield Forensics and Acquisitions)
  • Comprehensive Software Engineering Experience
  • Certificate of completion for Hackthebox: RASTALABS + OFFSHORE mock corporate red team engagements
  • Code4rena Certified Warden
  • Some of the vulnerabilities he has found: fortcypress.io/

Engagement Duration:

We propose a flexible timeframe ranging from 3 to 6 weeks. While we value efficiency, our primary goal is thoroughness and accuracy. The timeline will also include collaborative kick off meetings and progress meetings with your team.

Investment Outline:

For a meticulous audit process that ensures optimum security and performance, our professional fee is pegged at $70,000 USD. We are flexible with payment methods.

Payment Structure:

Initial Onboarding: 50%
Before Preliminary Report: 50%

Your vision deserves the best protection. Let's make XDC2.0 a benchmark in blockchain security and performance.

With Respect and Anticipation,

The Hashlock Team

To continue this discussion, please email fletcher@hashlock.com.au

Partho RoyC

Dear XDC Team,

I’m reaching out to you for your security audit requirement.

Please find our proposal in the link below:
XDC <> QuillAudits Proposal (docs.google.com/document/d/1dv97y_...)

I’m sure we will be your ideal partner, as our internal team has been proactive at gauging multiple attack vectors and bolstering your security on a recurring basis (if required).

Let’s connect sometime in the coming days for us to elaborate over our findings and understandings.

Sincerely,

Partho RoyC
Business Development Head
QuillAudits