From c939052e556a3c6fbf14dc3adec29d667045dfe5 Mon Sep 17 00:00:00 2001
From: Coby
Date: Tue, 15 Oct 2024 17:02:51 -0400
Subject: [PATCH 1/3] require node types
---
 .../zkapps/feature-overview/package-lock.json | 21 ++++++++++++++++---
 examples/zkapps/feature-overview/package.json | 1 +
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/examples/zkapps/feature-overview/package-lock.json b/examples/zkapps/feature-overview/package-lock.json
index 3cd68f934..5b3bc12d2 100644
--- a/examples/zkapps/feature-overview/package-lock.json
+++ b/examples/zkapps/feature-overview/package-lock.json
@@ -5,12 +5,10 @@ "requires": true, "packages": { "": { - "name": "feature-overview", - "version": "0.1.0", - "license": "Apache-2.0", "devDependencies": { "@babel/preset-env": "^7.16.4", "@babel/preset-typescript": "^7.16.0", + "@types/node": "^22.7.5", "@typescript-eslint/eslint-plugin": "^5.5.0", "@typescript-eslint/parser": "^5.5.0", "eslint": "^8.7.0",
@@ -1864,6 +1862,16 @@ "dev": true, "license": "MIT" }, + "node_modules/@types/node": { + "version": "22.7.5", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.5.tgz", + "integrity": "sha512-jML7s2NAzMWc//QSJ1a3prpk78cOPchGvXJsC3C6R6PSMoooztvRVQEz89gmBTBY1SPMaqo5teB4uNHPdetShQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "undici-types": "~6.19.2" + } + }, "node_modules/@types/semver": { "version": "7.5.8", "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz",
@@ -3998,6 +4006,13 @@ "node": ">=14.17" } }, + "node_modules/undici-types": { + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", + "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==", + "dev": true, + "license": "MIT" + }, "node_modules/unicode-canonical-property-names-ecmascript": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz",
diff --git a/examples/zkapps/feature-overview/package.json b/examples/zkapps/feature-overview/package.json
index 94944d7e7..1bab51adc 100644
--- a/examples/zkapps/feature-overview/package.json
+++ b/examples/zkapps/feature-overview/package.json
@@ -11,6 +11,7 @@
 "devDependencies": {
 "@babel/preset-env": "^7.16.4",
 "@babel/preset-typescript": "^7.16.0",
+ "@types/node": "^22.7.5",
 "@typescript-eslint/eslint-plugin": "^5.5.0",
 "@typescript-eslint/parser": "^5.5.0",
 "eslint": "^8.7.0",
From 7fd01357facded2ad1a98650b8bc7ff0df6a2315 Mon Sep 17 00:00:00 2001
From: Coby
Date: Tue, 15 Oct 2024 17:07:51 -0400
Subject: [PATCH 2/3] adding references to the veridise audit in relevant locations
---
 docs/mina-security.mdx | 2 ++
 .../introduction-to-zkapps/secure-zkapps.mdx | 9 +--------
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/docs/mina-security.mdx b/docs/mina-security.mdx
index a3126e167..024530091 100644
--- a/docs/mina-security.mdx
+++ b/docs/mina-security.mdx
@@ -19,6 +19,7 @@ However it doesn't stop there. Check out some other resources to see what measur ### Protocol +- [August 27, 2024 o1js](https://github.com/o1-labs/o1js/blob/a09c5167c4df64f879684e5af14c59cf7a6fce11/audits/VAR_o1js_240318_o1js_V3.pdf) by Veridise - [December 12, 2023 Pickles](https://minaprotocol.com/wp-content/uploads/Least-Authority-Pickles-Final-Audit-Report.pdf) by Least Authority - [August 28, 2023 Transaction Logic and Transaction Pool](https://minaprotocol.com/blog/least-authority-concludes-security-audit-of-mina-protocols-transaction-logic-and-transaction-pool) by Least Authority - [October 16, 2022 Mina codebase, ecosystem projects](https://minaprotocol.com/wp-content/uploads/Mina-Security-Assessment-2022.pdf) by Mo Ashouri
@@ -33,6 +34,7 @@ However it doesn't stop there. Check out some other resources to see what measur - [July 16, 2021 Clor.io Wallet](https://minaprotocol.com/blog/clorio-wallet-audit) by Least Authority ### Auditors +- [Veridise](https://veridise.com/) - [Least Authority](https://leastauthority.com/) - [NCC Group](https://www.nccgroup.com/us/) - [Gauntlet Network](https://www.gauntlet.xyz/)
diff --git a/docs/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps.mdx b/docs/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps.mdx
index 8619d915e..d9f17653a 100644
--- a/docs/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps.mdx
+++ b/docs/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps.mdx
@@ -19,14 +19,7 @@ On this page, you will find guidance for how to think about security when buildi Apart from acquiring a solid understanding of security aspects of zkApps, we recommend that critical applications also get audited by independent security experts. -There has been an internal audit of the o1js code base already, [the results of which you can find here](/zkapps/o1js#audits-of-o1js). An audit by a third-party security firm is ongoing. - -:::caution - -Until the third-party audit of o1js is completed, audits of zkApps should also include the relevant parts of o1js in their scope. - -::: - +There has been an internal audit of the o1js code base already, [the results of which you can find here](/zkapps/o1js#audits-of-o1js). You can also see the results of a third-party audit, performed by Veridise, [here](https://github.com/o1-labs/o1js/blob/a09c5167c4df64f879684e5af14c59cf7a6fce11/audits/VAR_o1js_240318_o1js_V3.pdf). ## Attack model The first and most important step for zkApp developers is to understand the attack model of zkApps, which differs from traditional web apps in important ways. In essence, there are two new kinds of attack:
From a81ab143fb9eb588efb0db9a361813a8793d42e8 Mon Sep 17 00:00:00 2001
From: Coby
Date: Tue, 15 Oct 2024 17:11:12 -0400
Subject: [PATCH 3/3] rm noise
---
 .../zkapps/feature-overview/package-lock.json | 21 +++----------------
 examples/zkapps/feature-overview/package.json | 1 -
 2 files changed, 3 insertions(+), 19 deletions(-)
diff --git a/examples/zkapps/feature-overview/package-lock.json b/examples/zkapps/feature-overview/package-lock.json
index 5b3bc12d2..3cd68f934 100644
--- a/examples/zkapps/feature-overview/package-lock.json
+++ b/examples/zkapps/feature-overview/package-lock.json
@@ -5,10 +5,12 @@ "requires": true, "packages": { "": { + "name": "feature-overview", + "version": "0.1.0", + "license": "Apache-2.0", "devDependencies": { "@babel/preset-env": "^7.16.4", "@babel/preset-typescript": "^7.16.0", - "@types/node": "^22.7.5", "@typescript-eslint/eslint-plugin": "^5.5.0", "@typescript-eslint/parser": "^5.5.0", "eslint": "^8.7.0",
@@ -1862,16 +1864,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@types/node": { - "version": "22.7.5", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.5.tgz", - "integrity": "sha512-jML7s2NAzMWc//QSJ1a3prpk78cOPchGvXJsC3C6R6PSMoooztvRVQEz89gmBTBY1SPMaqo5teB4uNHPdetShQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "undici-types": "~6.19.2" - } - }, "node_modules/@types/semver": { "version": "7.5.8", "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz",
@@ -4006,13 +3998,6 @@ "node": ">=14.17" } }, - "node_modules/undici-types": { - "version": "6.19.8", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", - "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==", - "dev": true, - "license": "MIT" - }, "node_modules/unicode-canonical-property-names-ecmascript": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz",
diff --git a/examples/zkapps/feature-overview/package.json b/examples/zkapps/feature-overview/package.json
index 1bab51adc..94944d7e7 100644
--- a/examples/zkapps/feature-overview/package.json
+++ b/examples/zkapps/feature-overview/package.json
@@ -11,7 +11,6 @@
 "devDependencies": {
 "@babel/preset-env": "^7.16.4",
 "@babel/preset-typescript": "^7.16.0",
- "@types/node": "^22.7.5",
 "@typescript-eslint/eslint-plugin": "^5.5.0",
 "@typescript-eslint/parser": "^5.5.0",
 "eslint": "^8.7.0",