Just to give a quick update. First of all, thanks so much to everyone who has donated thus far! The support you have shown has touched us.
We are still quite a long way from our target, and we hope to raise more funds, but we cannot wait too long on this, so we’ve started on a limited-scope audit as follows:
We have engaged Trail of Bits for 2 engineer weeks to do a security review of the implementation of their privacy protocol Lelantus (lelantus.io) through a combination of manual and automated review. Activities include but are not limited to:
- Review of the cryptographic library implementation and reconciliation against the Lelantus paper with a focus on:
  - Confirming the code implements what the paper proposes
  - Opinion on paper quality or correctness will not be provided
  - Concerns around deanonymization
  - Failure of the protocol/code that would allow coins to be created out of thin air (inflation)
- Apply a comprehensive suite of tools to quickly and automatically uncover bugs
- Review the architecture of the system for design flaws
- Perform focused manual code review
Security Engineers:
- Jim Miller - Tech Lead
- Will Song
This will cost us USD32,000.
We have also engaged SmartDEC for the following:
- Wallet implementation and crypto library code without checking it for correctness (since this is covered by Trail of Bits)
Audit will be carried out by Lenar Safin.
This will cost us USD14,000.
We are also in talks with two cryptographers who will work as a team to audit the Lelantus paper itself. They can begin in July. We are still in discussion of the fee but this is also really dependent on whether we can raise the necessary.
We are taking a risk here if the current donation level stays here, as these will significantly exhaust the team’s rainy day fund, leaving us a bit vulnerable to price shocks. Please do contribute what you can. Thank you!