misaradmin/synor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
synor/docs/SECURITY_AUDIT_SCOPE.md
Gulshan Yadav b22c1b89f0 feat: Phase 7 production readiness improvements 
- Add SYNOR_BOOTSTRAP_PEERS env var for runtime seed node configuration
- Implement secrets provider abstraction for faucet wallet key security
  (supports file-based secrets in /run/secrets for production)
- Create WASM crypto crate foundation for web wallet (Ed25519, BIP-39)
- Add DEPLOYMENT.md guide for testnet deployment
- Add SECURITY_AUDIT_SCOPE.md for external security audit preparation
- Document seed node deployment process in synor-network

Security improvements:
- Faucet now auto-detects /run/secrets for secure key storage
- CORS already defaults to specific origins (https://faucet.synor.cc)
- Bootstrap peers now configurable at runtime without recompilation
2026-01-08 07:21:14 +05:30

259 lines
7.7 KiB
Markdown
Raw Blame History

# Synor Blockchain Security Audit Scope
This document defines the scope for external security audits of the Synor blockchain.
---
## 1. Overview
**Project**: Synor - High-throughput blockDAG with quantum-resistant cryptography
**Language**: Rust (core), TypeScript (web wallet)
**Audit Priority**: High (pre-mainnet requirement)
### Key Innovations to Audit
- GHOSTDAG consensus with PHANTOM ordering
- Hybrid Ed25519 + Dilithium3 post-quantum signatures
- WASM-based smart contract VM
- Custom UTXO model with parallel validation
---
## 2. Audit Scope by Priority
### 2.1 Critical Priority (Must Audit)
#### Cryptographic Primitives (`crates/synor-crypto/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| Keypair generation | `src/keypair.rs` | Entropy sources, secure randomness |
| Ed25519 signatures | `src/signature.rs` | Signature malleability, validation |
| Dilithium3 PQC | `src/dilithium.rs` | Parameter validation, side-channel resistance |
| Hybrid signatures | `src/hybrid.rs` | Composition correctness, fallback behavior |
| Address derivation | `src/address.rs` | Bech32m encoding, checksum validation |
| Key encryption | `src/lib.rs` | AES-256-GCM, Argon2 parameters |
**Specific Concerns**:
- Verify Dilithium3 implementation matches FIPS 204 draft
- Check for timing side-channels in signature verification
- Validate entropy sources on different platforms
#### Consensus (`crates/synor-consensus/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| GHOSTDAG | `src/ghostdag.rs` | K-cluster selection, anticone calculation |
| Ordering | `src/ordering.rs` | Topological sort, merge set computation |
| Block validation | `src/validation.rs` | PoW verification, timestamp checks |
| Difficulty adjustment | `src/difficulty.rs` | DAA window, manipulation resistance |
| Finality | `src/finality.rs` | Finality depth, reorg resistance |
**Specific Concerns**:
- GHOSTDAG K parameter (K=18) sufficient for 10 BPS?
- DAA vulnerability to timestamp manipulation
- Selfish mining / withholding attack resistance
#### DAG Structure (`crates/synor-dag/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| Block storage | `src/store.rs` | Hash collision handling |
| Parent selection | `src/relations.rs` | Tip selection algorithm |
| Blue score | `src/blue_score.rs` | Score computation correctness |
### 2.2 High Priority
#### Smart Contract VM (`crates/synor-vm/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| WASM executor | `src/executor.rs` | Sandbox escape, memory isolation |
| Gas metering | `src/gas.rs` | Metering accuracy, DoS prevention |
| Host functions | `src/host.rs` | Input validation, state access |
| Memory management | `src/memory.rs` | Bounds checking, overflow |
**Specific Concerns**:
- WASM sandbox escape vulnerabilities
- Gas exhaustion attacks
- Host function privilege escalation
- Stack overflow in recursive contracts
#### Transaction Processing (`crates/synor-types/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| Transaction structure | `src/transaction.rs` | Signature verification order |
| UTXO management | `src/utxo.rs` | Double-spend prevention |
| Script validation | `src/script.rs` | Opcode security |
### 2.3 Medium Priority
#### Network Layer (`crates/synor-network/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| P2P protocol | `src/service.rs` | Message validation, DoS vectors |
| Peer reputation | `src/reputation.rs` | Ban bypass, sybil resistance |
| Rate limiting | `src/rate_limit.rs` | Token bucket implementation |
| Sync protocol | `src/sync/` | Malicious peer handling |
**Specific Concerns**:
- Eclipse attack resistance
- Network partition detection accuracy
- Gossipsub topic amplification
#### Storage (`crates/synor-storage/`)
| Component | File | Focus Areas |
|-----------|------|-------------|
| Block storage | `src/block_store.rs` | Corruption recovery |
| UTXO set | `src/utxo_store.rs` | Consistency guarantees |
| Pruning | `src/pruning.rs` | Data availability after prune |
### 2.4 Lower Priority
#### RPC API (`crates/synor-rpc/`)
| Component | Focus Areas |
|-----------|-------------|
| JSON-RPC handlers | Input validation, injection |
| WebSocket | Connection limits, memory exhaustion |
| Rate limiting | Bypass prevention |
#### Governance (`crates/synor-governance/`)
| Component | Focus Areas |
|-----------|-------------|
| DAO voting | Vote weight manipulation |
| Treasury | Withdrawal limits, timelocks |
| Proposals | Execution safety |
#### Node Application (`apps/synord/`)
| Component | Focus Areas |
|-----------|-------------|
| Configuration | Secrets handling |
| Service orchestration | Race conditions |
| CLI wallet | Key storage security |
---
## 3. Out of Scope
The following are **not** in scope for the initial audit:
- Third-party dependencies (covered by cargo-audit)
- Web wallet frontend (separate web security audit)
- DevOps/infrastructure security
- Physical security of node operators
- Social engineering vectors
---
## 4. Threat Model
### 4.1 Adversary Capabilities
| Level | Description | Mitigations Expected |
|-------|-------------|---------------------|
| L1 | Remote attacker, no stake | Network protocol security |
| L2 | Minority miner (<33% hashrate) | Consensus security |
| L3 | Majority miner (>50% hashrate) | Finality guarantees |
| L4 | Quantum computer access | Dilithium3 signatures |
| L5 | Nation-state (future) | Quantum + classical resistance |
### 4.2 Key Security Properties
1. **Consensus Safety**: No conflicting finalized blocks
2. **Liveness**: Transactions confirm within reasonable time
3. **Censorship Resistance**: No single entity can block transactions
4. **Key Security**: Private keys protected from extraction
5. **Quantum Resistance**: Secure against future quantum computers
---
## 5. Prior Work & References
### Consensus
- PHANTOM/GHOSTDAG papers (Sompolinsky & Zohar)
- Kaspa implementation reference
- DAGKnight improvements
### Cryptography
- FIPS 204 (Dilithium) draft specification
- Ed25519 (RFC 8032)
- Bech32m (BIP-350)
- Argon2 (RFC 9106)
### Smart Contracts
- WASM specification
- Wasmtime security model
---
## 6. Deliverables Expected
1. **Full Report**: Detailed findings with severity ratings
2. **Executive Summary**: Non-technical overview
3. **Findings by Category**:
- Critical (immediate action required)
- High (fix before mainnet)
- Medium (fix within 30 days)
- Low (best practice improvements)
- Informational (suggestions)
4. **Proof of Concepts**: For any exploitable vulnerabilities
5. **Remediation Verification**: Re-check after fixes
---
## 7. Audit Timeline
| Phase | Duration | Description |
|-------|----------|-------------|
| Kickoff | 1 day | Scope review, access setup |
| Crypto Audit | 2 weeks | synor-crypto, synor-consensus |
| VM Audit | 1 week | synor-vm, contract security |
| Network Audit | 1 week | synor-network, P2P protocols |
| Report | 1 week | Findings documentation |
| Remediation | 2 weeks | Fix implementation |
| Verification | 3 days | Re-audit of fixes |
**Total**: ~7 weeks
---
## 8. Contact & Resources
### Repository Access
- Main repo: `github.com/g1-technologies/synor` (private until audit)
- Test vectors: `docs/test-vectors/`
- Architecture docs: `docs/architecture/`
### Points of Contact
- Technical Lead: [To be assigned]
- Security Lead: [To be assigned]
### Development Environment
- Rust 1.75+
- `wasm32-unknown-unknown` target
- All tests: `cargo test --workspace`
- Benchmarks: `cargo bench --workspace`
---
## 9. Previous Audits
None (first external audit)
---
## 10. Changelog
| Date | Version | Changes |
|------|---------|---------|
| 2026-01-08 | 1.0 | Initial scope document |
---
*Prepared for Phase 7: Production Readiness*
Reference in a new issue View git blame Copy permalink