[ANN] Security Audits of POA Network

igorbarinov 2018-01-08 07:27:51 UTC #1

AuthorityRound consensus protocol and implementation

Audit of the Aura consensus protocol Jean-Philippe Aumasson :
https://drive.google.com/file/d/1DVoCedlsNe8NUV6nSE2ymFtFfNugqpVn/view?usp=sharing
POA Network commentary by Yurii Rashkovski
https://github.com/oraclesorg/aura-review-commentary
POA Network Pull Request with fixes to Parity
https://github.com/paritytech/parity/pull/7282

POA Network consensus and governance smart contracts

https://www.authio.org/post/poa-network-contract-audit
by Alexander Wade, Authio
https://github.com/bokkypoobah/OraclesPoANetworkConsensusContractsAudit/tree/master/audit
by Bokky PooBah

Mobile wallet

Security audit of Trust Wallet on iOS and Android https://drive.google.com/file/d/1ilGVrR8iDVm25IAn46EesaD6uRB-B99d/view?usp=sharing

Infrastructure, network attacks, DDoS

Audit by by dsec.ru in Russian language https://drive.google.com/file/d/1gT3SOE4cP2ayN3LG9EbGbFqxlnSElVzz/view?usp=sharing
Translation to English https://drive.google.com/file/d/1hIPGWLAFOKbmznACwa_fI3OG6jCHV2lB/view?usp=sharing

POA Network. News and updates #23

jlegassic 2017-12-15 17:50:57 UTC #2

No Solidity expert but there has been something troubling me about the binding of an active Ballot and what POA consensus it is using.

The way current code is structured and used is the following possible?

addValidatorBallotA is created using consensusA ( say some voting occurs )
changeConsensusBallot to consensusB is created and approved before (1) completes
addValidatorBallotA is now pointing to consensusB

If so, seems undesirable.

igorbarinov 2017-12-16 01:30:26 UTC #3

BallotA will not succeed because the address has changed for the ballot contract

jlegassic 2017-12-16 18:59:10 UTC #4

OK. I’ll see if there is a test case for this use case.