Venus recently completed a security audit and released an audit report by Least Authority. At the same time, the Venus team released a milestone version — venus v1.0.0, which will enable global storage providers (miners) and storage clients to store their valuable data on the largest distributed storage network-Filecoin.
Venus(previously known as go-filecoin) resumed development in October 2020 as handed over and maintained by the IPFSForce team, Venus has released several versions after that. Two milestones have been achieved, from chain synchronization to returning to the mainnet, from the first node deployed to the first storage pool (mining pool) built on the Filecoin network, and completed the previous agreement with Protocol Labs to build an implementation within and for the community. Now, running with Venus can bring stable Filecoin storage services to storage providers (miners) or technical service providers (miners).
- venus v0.9.0: Venus returns to the mainnet and deploys the first node running with Venus.
- venus v0.9.1: Support spec-actor v3 and Network v10, start Security Audit.
- venus v0.9.4: Support Network v11, all components of Venus already support a complete distributed storage pool (mining pool) function.
- venus v0.9.5: Support spec-actor v4 and Network v12, release distributed storage pool version 1.0.x, and support building a complete storage service (mining) system.
- venus v0.9.6: Start the first Filecoin distributed storage pool on the mainnet, and continue to deploy more nodes by the community.
- venus v0.9.7&venus v0.9.8: Support spec-actor v5 and Network v13.
- venus v1.0.0: The security audit is completed and the audit report is announced.
The Venus team recently released a landmark version — venus v1.0.0. This version is the first official version after the security audit. We will continue to improve criterias the report suggested, and release updates on venus community and development in a timely manner in order to provide Filecoin storage providers with more convenient and effective solutions. In the meantime, we do welcome feedback and suggestions from storage providers and developers on some important functions. We will work together closely with the whole community to build the strong and resilient Venus implementation.
About Security Audit
Security audit is a common and important evaluation of software engineering. After 3 months, Venus has recently passed the security audit of Least Authority, an authoritative blockchain audit organization.
The Venus team strictly revised the key issues in the use of the implementation based on the audit results. The most commonly used method for audit work is to adopt the method of ‘automatic analysis + manual verification’, which covers the correctness of the implementation process, the vulnerabilities in a single component and the secure interaction between modules, the implementation of private key management, storing assets surely, data privacy, API access security, any attacks related with funds, adversarial actions and the other review items.
Through research, investigation, review, reporting, and modification, this audit improved the security and efficiency of Venus implementation, such as chain synchronization, key security, API stability, and structural rationality. Venus team communicates with the auditor in a timely manner, locates and solves problems found in the report, and strives to fix major issues with our engineers . At the same time, some problems that do not affect the use will continue to be followed up and optimized.
The audit report pointed out that the current security audit scope is sufficient because it has included the entire implementation process, such as all security-critical components of the implementation. While the dependencies used by the Venus implementation were not in scope, the use of dependencies is mostly limited to standard libraries that are both well audited and maintained. For example, Venus makes use of the spec-actors dependency, which performs a core functionality of the implementation. While spec-actors was not in scope, it has recently undergone an independent security review too.
Since Venus introduced the distributed storage(mining) pool architecture, Venus components have gradually been modularized, and now they are coherent with the Filecoin network perfectly. In general, Venus team will work with storage providers, developers and the other ecosystem participants to continue to refine and iterate existing components, providing long-term value to Venus storage providers and retrievers. We are moving steadily towards the next milestone, and we do welcome all kinds of ecosystem participants to participate in the construction of the Venus community. Find us on Github Venus and share with us about your suggestions here.