Skip to content

feat(audit): Kick off public security review with formal verification framework #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat(audit): Kick off public security review with formal verification framework #102

wants to merge 5 commits into from

Conversation

0xsecaas
Copy link
Contributor

This PR starts a public, developer-led security audit of the threshold-signatures codebase.

Key contributions in this initial phase:

  • Added Kani formal proof for transmute_state unsafe cast.
  • Introduced audit/README.md and supporting Markdown files to track audit methodology, findings, and risks.
  • Documented critical path invariants and potential failure modes for transmute_state.
  • Laid out plans for fuzzing, CI checks, and additional formal proofs.

⚠️ Note: This is just the beginning. The audit structure, methodology, and documentation will evolve as we analyze more code, and findings may change significantly.

💡 Feedback and contributions are highly encouraged, especially for identifying attack surfaces and critical paths.

@0xsecaas
feat(audit): Progressively audit the codebase
51c7f11 
This commit introduces a formal verification harness using Kani to prove
the correctness of the `unsafe` `transmute_state` function in the Strobe
implementation.

  Key changes:
    - Added a Kani proof harness that verifies the `unsafe` pointer cast
is equivalent to a safe, little-endian byte-wise conversion.
    - Derived `kani::Arbitrary` for `AlignedKeccakState` to enable its
use in the proof.
    - Added comments to the `transmute_state` function, warning
developers of the critical size, alignment, and endianness invariants.
    - Initialized an `mdbook` in the `audit/` directory to document the
ongoing security audit, starting with an analysis of this `unsafe`
block.
@0xsecaas
refactor(audit): use simple md instead of mdbook for flexibility
b0b8fda
@0xsecaas
fix(audit): add navigation
8fcc5ac
@0xsecaas
refactor(audit): separation of concern
2f6d04e
@0xsecaas
fix(fmt): apply linter
7062936
@netrome
Copy link
Collaborator

netrome commented Sep 25, 2025

Thank you for creating this PR @0xsecaas. We're currently prioritizing other lines of work and this would require some verification before we can merge it. I.e. we will likely not have the capacity to properly review this anytime soon, so please be aware that this may be on hold for a while.

@0xsecaas
Copy link
Contributor Author

@netrome Thanks for clarifying, I understand the prioritization.

For context, this PR, besides the audit/ markdown files, addresses a security concern in an unsafe block.

  1. I added a unit test to guard against unintended memory layout mismatch, and
  2. formally proved the soundness of that unsafe code (a proof that it produces results consistent with the safe u64::from_le_bytes alternative;

This provides additional assurance without changing functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@netrome netrome Awaiting requested review from netrome

At least 1 approving review is required to merge this pull request.

Assignees

@0xsecaas 0xsecaas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0xsecaas @netrome