This page documents everything we ask of third-party security auditors when they bid on and are contracted for an independent review of Hyperledger projects.

Requirements

  • Static and manual analysis of the sensitive areas of the code, specifically the code that interacts with cryptography libraries, network interfaces, and the file system.
  • Fuzzing of both network APIs and library APIs.
  • Static analysis and best-practice enforcement with a linter over the entire code base.
  • Malicious-node attacks on the network.

Optional

  • Dependency checks looking for known vulnerabilities and/or updates.
  • License audit to ensure all dependency licenses are properly followed.

Other Criteria

  • Early reporting of issues as they are found by the auditing team, so that fixes can be made in parallel with the audit.
  • The team conducting the audit should also have the capability to do PCI/GDPR/HIPAA/etc. compliance auditing that we can offer to integrators building applications.
  • A written report with detailed analysis.

1 Comment

  1. Hey David Huseby -

    From PegaSys' perspective, these requirements seem about right. Here are some comments in relation to auditing Hyperledger Besu:

    • Cryptography libraries: We would like them to look at privacy, but that is a separate codebase from Hyperledger Besu (Orion), so it might not be feasible.
    • Network interfaces: The previous auditor looked at library code on the networking layer. They didn’t look into connecting to a node on the devp2p layer.
    • File system: Besu has a database migration path that is important to look at.

    • Malicious node attacks: We think this is very important to look at. A few ideas for more context around this are:
      • Network-level scenario testing is important
      • Eclipse attacks and limiting remote peers checks
      • Identify any denial-of-service cases in the EVM implementation
      • Review public key exchange between nodes
      • Provide guidance on node private key storage

    • We agree that license checks and dependency checks can be optional. They are fairly low priority for us.

    Other things to look at with Hyperledger Besu:

    • The GraphQL interface is new.
    • Smart-contract-based permissioning is new and unique to our codebase.
    • In Other Criteria: We would like to request a weekly check-in, as well as a follow-up meeting a few weeks after the security audit is completed to confirm all issues have been addressed.

    Thanks!