We have been porting, testing and improving the tools of the Avalanche blockchain and some of the libraries that they depend on, and we already have results:
blst solved the
problem and improved
the security of the library with the commits
dae1f and
6cca1
--a constant table goes to a read-only section (.rodata) not
allowing an attacker to modify it after the program starts.
With the funding of this project we will go through a deeper audit of the sources, completing the porting effort and more integral testing to keep contributing pull requests and suggestions to improve the security of Avalanche tools and the libraries that they depend on.
| Date | Repository | Tagged version in original repository | Branch in forked repository | Notes | PRs | Works |
|---|---|---|---|---|---|---|
| 8.Mar.2024 | supranational/blst | v0.3.11 |
master
in original repository with fix proposed by
author of blst
|
Withouth the fix in most CPUs (except Ryzen 5)
blst produced segmentation faults in
OpenBSD/adJ see the
issue we opened
|
Commit
1 and commit
2 proposed by author of
blst with our feedback. This fix
improves the security of this
library used by all the Avalanche tools. It makes
impossible for an attacker to change one table
with constants required by the BLS12-381 signature
after the program that use this library starts.
|
Yes |
| 4.Mar.2024 | cockroachdb/pebble | 829675f94811 | ava1.11.0.adJ74 | Backported OpenBSD support from v1.1.0 | Yes |
| Date | Repository | Tagged version in original repository | Branch in forked repository | Notes | PRs | Works |
|---|---|---|---|---|---|---|
| 1.Aug.2024 | ava-labs/avalanche-cli | v1.7.0 | v1.7.padJ | Proposed PR 2075 to update blst to version 0.3.12. For building, avalanche-cli requires older versions of avalanchego, coreth, subnet-evm and avalanche-network-runner. We requested update in Issue 2077. We also tried a trivial update of versions in go.mod but that is not enough. | PR 2075 | No |
| 31.Jul.2024 | ava-labs/subnet-evm | v0.6.8 | v0.6.8 | Version 0.6.8 was released by ava-labs team on 30th July. | see previous | Yes |
| 28.Jul.2024 | ava-labs/subnet-evm | v0.6.8-rc.2 | v0.6.8rc.2adJ | Proposed PR 1258 to update blst to version 0.3.12. | 1258 | Yes |
| 28.Jul.2024 | ava-labs/avalanche-network-runner | v1.8.2 | v1.8.2adJ | Proposed PR 725 to update blst to version 0.3.12. Updated some versions as required in issue 726 | 725 | Yes |
| 28.Jul.2024 | ava-labs/coreth | v0.13.7 | v0.13.7adJ | Proposed PR 615 to update blst to version 0.3.12. | 615 | Yes |
| 27.Jul.2024 | ava-labs/avalanchego | v1.11.10 | v1.11.10adJ | Updated PR 2809 to pass lint tests and review. | 2809 | Yes |
| 4.Jun.2024 | ava-labs/avalanchego | v1.11.6 | v1.11.6adJ | Library `blst` updated to 0.3.12 (improves security and fixes sporadic segmentation fault on OpenBSD/adJ). | 3080 | Yes |
| 4.Jun.2024 | ava-labs/avalanchego | v1.11.6 | v1.11.6adJ | Improved PR 2809 adding support for new test. `tests/fixture/tmpnet/detached_process_default.go` . | 2809 | Yes |
| 5.Mar.2024 | ava-labs/avalanchego | v1.11.1 | v1.11.1adJ74 | Added storage support for OpenBSD/adJ | 2809 | Yes |
| 18.Mar.2024 | ava-labs/avalanchego | v1.11.0 | v1.11.0adJ74 | see previous | Yes | |
| 18.Mar.2024 | ava-labs/avalanchego | v1.10.11 | v1.10.11adJ74 | see previous | Yes | |
| 7.Mar.2024 | ava-labs/coreth | v0.13.0-rc.0 | v0.13.0rc.0adJ74 | Small contribution that improves portability. | 510 | |
| 18.Mar.2024 | ava-labs/coreth | v0.12.5-rc.6 | v0.12.5adJ74 | see previous | Yes | |
| 7.Mar.2024 | ava-labs/avalanche-network-runner | v1.7.6 | v1.7.6adJ74 | Small contribution that improves portability. | 707 | Yes |
| 18.Mar.2024 | ava-labs/avalanche-network-runner | v1.7.2 | v1.7.2adJ74 | See previous | Yes | |
| 19.Mar.2024 | ava-labs/subnet-evm | v0.5.6 | v0.5.6adJ74 | Small contribution that improves portability. | 1119 | Yes |
| 18.Mar.2024 | ava-labs/subnet-evm | v0.6.0-fuji | v0.6.0fujiadJ74 | See previous | Yes | |
| 18.Mar.2024 | ava-labs/precompile-evm | avalanche-academy-start | avalancheacademystartadJ74 | Yes | ||
| 8.Mar.2024 | ava-labs/avalanche-cli | v1.4.1 | v1.4.1adJ74 |
scripts/build.sh requires ulimit -d
4000000
We made a simple PR that improves portability.
|
1539 | Yes on 4.Jun.2024 |
| Starting Date | Ending Date | What | Reward | Links | Claimed by | Results |
|---|---|---|---|---|---|---|
| 23.May.2024 | 30.May.2024 | Video of installation of adJ 7.4 in a Virtual Machine | 1 AVAX | Group Avalanche en adJ, Group Avalanche - Español, Group Avalanche Academy (subgroup Spanish) Group OpenBSD México Twitter | - | Video by Vladimir |
| Starting Date | Ending Date | What | Results |
|---|---|---|---|
| 30.Jul.2024 | 30.Aug.2024 | Validating for one month with most recent version of the ported tools on OpenBSD/adJ. See transaction. | Working |
| 29.Jul.2024 | 30.Jul.2024 | Validating for one day with most recent version of the ported tools on OpenBSD/adJ | Worked without issue |
Dear ava-labs friends, please open the source of the wallet Core. Meanwhile for typical operations with Avalanche C-Chain and subnets we prefer and recommend Metamask (compiled by you).
This porting effort started in October 2023 in the context of Avalanche Academy when we tried to use the wallet Core in OpenBSD/adJ and noticed that its sources were closed and that it requires WebAssembler. See the post in the Telegram group. By the way we recommend Avalanche Academy and are thahkful for the time, encouragment and answers specially of Andrea, Martin and Ash.