search

gnolang / gno

Gno: An interpreted, stack-based Go virtual machine to build succinct and composable apps + gno.land: a blockchain for timeless code and fair open-source.
https://gno.land/
Other
898 stars 374 forks source link

RFC: Realms for coordinating audits on-chain #3062

Open kristovatlas opened 2 weeks ago

kristovatlas commented 2 weeks ago

Description

To facilitate the security auditing of Gno realms, we will publish security provider realms to coordinate between realm developers and auditors.

There will be at least 2 realms in this process:

  1. r/sec/providers: Allows individuals and companies to register as auditors

    • register(label) -- one registration per calling address. label must be globally unique.
    • unregister()

  2. r/sec/audits: Allows devs and auditors to propose quotes for contract audits, and publish reports. It will also allow individuals to raise funds to pay for the audits. Devs will post a request, auditors will post competing proposals.

    • create(request) returns requestId -- creates an audit request specifying what is needed. SHOULD include contact information about how auditors can send intermediary reports prior to publicly disclosing final results to chain, like an email address, since this is the convention for how such information will be exchanged. request is Github-Flavored Markdown. Caller will become owner of this request indexed by address.
    • updateRequest(requestId, request) -- Update existing audit request (callable by owner of request only)
    • deleteRequest(requestId)
    • createPool(requestId, tokenType) -- creates a token pool of either GNOT or GRC-20 to receive funds to fund audit. This function may only be called once for each request and lacks an update mechanism currently.
    • addProposal(requestId, proposal, [paymentAddress]) returnspropId-- upload a proposal to fulfill an existing audit request.proposalis Github-flavored Markdown indicating intended work, budget requirements, etc. Caller must have registered withr/sec/providers`.
    • updateProposal(propId, proposal) -- callable by proposal owner
    • updatePaymentAddress(propId, paymentAddress) -- callable by proposal owner
    • accept(requestId, propId) -- can only be set to one at a time, but can be called multiple times to replace previous invocations. Callable by request owner.
    • pay(requestId, amt) -- Send payment to auditor who owns proposal. The owner of the request must have already called accept and the proposal must have set paymentAdress. Execution does not necessarily indicate that the audit is fully paid for. Callable by request owner.
    • report(propId, doc) -- Uploads a public document from an auditor, where doc is Github-flavored Markdown. The caller must be the owner of the proposal, ensuring that only the auditor can update this report. In clients such as gnoweb, reports SHOULD be displayed after a warning banner reminding users that the information is not approved by Gno.land contributors and to be cautious of any links or social engineering instructions related to signing, sending funds, etc.
moul commented 2 weeks ago

We should seek feedback from auditors who might be interested in helping us design this on-chain pentest platform.

We can also delegate most of the creation of the platform's realms through a bounty.

Later, we will likely integrate with Gnoweb to create a "badge."