
This page documents everything we ask of third-party security auditors when they bid on and contract for an independent review of Hyperledger projects.

Requirements

  • Static and manual analysis of sensitive areas of the code, specifically the code that interacts with cryptography libraries, network interfaces, and the file system.
  • Fuzzing of both network APIs and library APIs.
  • Static analysis and best-practice enforcement with a linter over the entire code base.
  • Malicious node attacks against the network (an attacker-controlled node participating in the peer-to-peer protocol).

Optional

  • Dependency checks for known vulnerabilities and available updates.
  • License audit to ensure that all dependency licenses are properly followed.

Other Criteria

  • Early reporting of issues as they are found by the auditing team, so that fixes can be made in parallel with the audit.
  • The team conducting the audit should also be able to perform PCI/GDPR/HIPAA/etc. compliance auditing, which we can then offer to integrators building applications.
  • A written report with detailed analysis.

1 Comment

  1. Hey David Huseby -

    From PegaSys' perspective, these requirements seem about right. Here are some comments in relation to auditing Hyperledger Besu:

    • Cryptography libraries: We would like them to look at privacy, but that is a separate codebase from Hyperledger Besu (Orion) so it might not be feasible.
    • Network Interfaces: Previous auditor looked at library code on networking layer. They didn’t look into connecting to a node on devp2p layer.
    • File system: Besu has a database migration path that is important to look at

    • Malicious node attacks: We think this is very important to look at. A few ideas for more context around this are:
      • Network level scenario testing is important
      • Eclipse attacks and limiting remote peers checks
      • Identify any denial-of-service cases in the EVM implementation
      • Review public key exchange between nodes
      • Provide guidance on node private key storage

    • We agree that license checks and dependency checks can be optional. They are fairly low priority for us.

    Other things to look at with Hyperledger Besu:

    • GraphQL interface is new
    • Smart contract based permissioning is new and unique to our codebase.
    • In Other Criteria: We would like to request a weekly check-in as well as a follow-up meeting a few weeks after the security audit is completed to confirm all issues have been addressed.

    Thanks!