Welcome to Developer Update #10,000,000!

Binary haters will say it’s only number 128.

The Tari base layer audit

We announced the start of Tari’s base layer code audit way back in Developer update #112.

The review was completed in November 2023 – a four-month effort – and the audit report from Coinspect is now available, and we are happy to share it with the community.

The audit covered around 60% of the most critical parts of the quarter million lines of Tari’s base layer code.

I must commend the incredible work done by the Coinspect team. The fact that they could take such a complicated piece of software, break it down, and put their finger on so many high severity issues in a relatively short period is testament to the expertise that was deployed on this audit.

The architectural diagram they produced, I’m somewhat abashed to write, provides a clearer picture of information flow between the Tari base layer subsystems than anything currently in our doc stack! We may have to commandeer this diagram for RFC-0111 going forward :)

The audit process

The Coinspect team worked independently of the Tari core developers, but we scheduled regular calls to share progress and feedback as to the general themes of issues that were being discovered.

For example, the auditors identified a cluster of issues around merge-mining. There was another thematic cluster of issues concerning data handling which could lead to denial-of-service attacks.

This early and regular feedback made it clear that we were missing multiple issues that had a common underlying cause. After some investigation and multiple discussions, we identified several shortcomings in our review processes.

The core developers then set about developing a new set of processes and guidelines for managing code quality and started applying it both retroactively and to new code.

The impact was immediate and the frequency of high-severity issues found by Coinspect started to drop off significantly.

The results

Ultimately, there were quite a large number of high-severity issues (22) identified by the auditors, even considering the size of the code base.

Of note, there were zero critical issues identified.

These issues have all been resolved and identified as such by Coinspect.

Conclusion

The fact that the core consensus code and blockchain systems have had an expert set of eyes cast over them aside, the learnings taken from working with the Coinspect team and the subsequent improvements to the Tari code review process are the most valuable aspect of the entire exercise.

I am quietly confident that when the time comes for the Layer Two audit, the steps that have been put in place will be evident, and the concentration of findings will be severely reduced, even given that the layer 2 code is completely new and, in many places, unique technology.

I’ll let the Coinspect team have the last word, taking this quote from their blog post:

Tari is a great example of a bleeding-edge blockchain with several features that make it an interesting case study with non-trivial vulnerabilities… Interactions with Tari during the audit process were superb. The development team showed understanding of the issues encountered and promptly began the work to not only fix the reported issues but to implement recommended security policies such as fuzzing. They have shown that security is a top concern for them and are committed to continually decrease the risk for future users.