docs: audit notes #91
Conversation
docs/quarkslab-audit/README.md
Outdated
| The fork may be updated in the future against a more recent upstream tag if doing so does not introduce conflicts in Tari repositories. | ||
| Further, an open [upstream pull request](https://github.com/dalek-cryptography/curve25519-dalek/pull/546) would add partial precomputation support; if it is accepted, the implementation may change its curve library dependency to upstream. |
There was a problem hiding this comment.
I think we should update to their (curve25519-dalek) latest version and apply our specific changes to it in our fork, similar to what we did in the past.
There was a problem hiding this comment.
Certainly can. Upstream switched to a monorepo structure after the release candidates, but I doubt this would cause issues other than pulling in a lot of functionality that wouldn't be needed. I'll test this out.
There was a problem hiding this comment.
See this issue.
There was a problem hiding this comment.
Addressed in the curve library fork by this PR.
AaronFeickert
force-pushed
the
audit-notes
branch
4 times, most recently
from
3472175
to
a1ced35
Compare
There was a problem hiding this comment.
Just a small comment below, and then I was wondering, if would it be beneficial to list the PRs we introduced that addressed all the concerns the auditors had, the ones we did due to the "tips" we received during the audit and the ones we did to address the formal findings? Then a reader could look at the audited commit and the relevant PRs leading up to the final commit after the audit to put everything in context.
|
The lint-related changes recommended by the auditors were made over the course of several PRs, many of which also addressed other things like refactoring or efficiency. I'm not sure how useful it would be for the reader to list them all. I'll add a link to the audit commit/tag. |
AaronFeickert
force-pushed
the
audit-notes
branch
from
0a0b8b8
to
e6405a1
Compare
This adds the Quarkslab audit report and a brief list of responses.