nearbuilders / audits Goto Github PK

View Code? Open in Web Editor NEW

8.0 2.0 8.0 51.83 MB

Public Audits in the NEAR Ecosystem

audits near

audits's People

Contributors

Stargazers

Watchers

Forkers

otter-sec veridise dongcool rajaauditone timurguvenkaya emarai gfranchi-hacken vikpande

audits's Issues

add electron bridge vulnerabilities

Garvit | Electron
Posting this thread to address the security concerns raised on Electron Bridge.

1/3
Yes, we are aware of the issue, and we had taken necessary precautions to mitigate this before the launch of the bridge itself. This vulnerability is not exploitable on the bridge right now.

https://twitter.com/garvitgoel03/status/1670351793870761985?s=46&t=w1K-2akWm132Lj7mGi5p2g

Maksym Zavershynskyi (nearmax.near) ⋈
@weikengchen @nearprotocol @labs_electron That's why @NEARDevHub is looking to publicly audit these circuits and determine the next course of actions https://t.co/dhh6K0r4Qw . To clarify, @wormholecrypto 's NEAR<>ETH ZK bridge is based on entirely different circuits developed by @ZpokenWeb3 .

https://twitter.com/mzavershynskyi/status/1670197415994101760?s=46&t=w1K-2akWm132Lj7mGi5p2g

Weikeng Chen
"Electron Labs' bridge between NEAR and Ethereum is vulnerable. Zk circuits used for the NEAR light client are incomplete and severely under-constrained. It is possible to create valid proofs for invalid set of signatures. User funds are at risk!" @nearprotocol? @labs_electron?

https://twitter.com/weikengchen/status/1670163273759735808?s=46&t=w1K-2akWm132Lj7mGi5p2g

https://twitter.com/rahul__ghangas/status/1666366824395739136?s=46&t=w1K-2akWm132Lj7mGi5p2g

https://www.halborn.com/blog/post/stader-labs-nearx-update

Find original audit before exploit

add atomic wallet hack

added contribution markdown file

example and reference in readme instead of putting in main readme as PR Best Pracice

Contribution Guidelines

We welcome all types of contributions to our project, including but not limited to:

Suggesting new reference techniques which prioritize smart contract vulnerability detection.
Adding exploits or slips up and firms that slipped up with reference to their initial audit
Adding active or (marking old bug programs as deactive)
Adding additional audits (make sure to reference original audit in table but also upload the pdf of the audit to the Audit folder with the following naming convention YEAR-MONTH-DAY-FIRM-SCOPE-OF-AUDIT.pdf
Adding additional security firms (note only add the firm from now on if you have also provided an audit firm in the same PR
Fixing typos and streamlining the categorization process
Adding additional NEAR Security resources
-Add more projects that you are asking for audits to
End to End testing and Appsec reports
Suggesting improvements to the classification standard
Correcting mislabeled bug and exploits or descrbing an audit more cleary (For ex; HERE Wallet -> HERE Wallet liquid staking)
Improvements to contribution guidelines

Format

Make a PR and make sure to # the close the issue number if relevant

Thank you for your contributions!