October 04, 2023
Base layer development update
The core team has been diligently focusing on two key areas: ChatFFI and Core security.
One of the biggest pieces of the Tari tech stack is our comms layer. This is an overlay network on top of TCP/IP and lets participants in the Tari network find each other, communicate with and even store messages for peers on the Tari network. All this is managed without a single centralising server, and all communication is E2E encrypted and authenticated.
Obviously, the primary use case for the Tari comms layer is Tari transaction and block broadcasting. However, the comms layer is actually a general purpose communications protocol.
You could very easily, say, play peer to peer chess using the Tari Comms layer. Equally, one could run the world’s most private and secure chat application. No phone numbers, not a single server, just 100% peer-to-peer messaging. This is the thinking behind the development of the ChatFFI library: an independent library for facilitating the development of peer-to-peer chat across the Tari network.
It’s still in an alpha state, but steady progress is being made, and the functionality will be included into Aurora in the coming months.
On the security front, the team has dedicated itself to an exhaustive code audit process, inspecting every line for potential vulnerabilities. In conjunction with the diagrams, we meticulously examine the logic of the code to verify that it operates correctly and as intended. Rust, our language of choice, provides a solid foundation for crafting secure code. We are continually working to eradicate all occurrences of “unsafe” code, such as
unwrap() and unchecked arithmetic, from the codebase. Additionally, we have initiated a proactive campaign to subject Tari and its dependent libraries, including Monero-rs, to extensive fuzzing tests, thereby ensuring their security and vulnerability-free status.
For a comprehensive list of the security enhancements accomplished thus far, please refer to the github page.