diff --git a/SECURITY.md b/SECURITY.md index c6e8d275..f7419553 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -7,3 +7,51 @@ appropriate time to react, analyze and develop a fix to mitigate the found secur To report the vulnerability, please open a draft [GitHub security advisory report](https://github.com/zama-ai/fhevm/security/advisories/new) + +## Audit & verification status + +Top-level index for the security verification status of contracts in this repository. Each package maintains its own status matrix in `contracts//audits/README.md`. + +### Packages + +| Package | Tag prefix | Upgradability | Status matrix | +| ------- | ---------- | ------------- | ------------- | +| Confidential Wrapper | `wrapper` | Upgradable (UUPS) | [`contracts/confidential-wrapper/audits`](./contracts/confidential-wrapper/audits/README.md) | +| Confidential Token Wrappers Registry | `registry` | Upgradable (UUPS) | [`contracts/confidential-token-wrappers-registry/audits`](./contracts/confidential-token-wrappers-registry/audits/README.md) | +| Staking | `staking` | Mixed | [`contracts/staking/audits`](./contracts/staking/audits/README.md) | +| Governance | `governance` | Immutable | [`contracts/governance/audits`](./contracts/governance/audits/README.md) | +| Token (EVM) | `token` | Immutable | [`contracts/token/audits`](./contracts/token/audits/README.md) | +| Solana OFT | `solanaOFT` | Immutable | [`contracts/solanaOFT/audits`](./contracts/solanaOFT/audits/README.md) | +| Fees Burner | `fees` | Immutable | [`contracts/feesBurner/audits`](./contracts/feesBurner/audits/README.md) | +| Pauser Set Wrapper | `pauserSetWrapper` | Immutable | [`contracts/pauserSetWrapper/audits`](./contracts/pauserSetWrapper/audits/README.md) | +| Safe (Admin Module) | `safe` | Immutable | [`contracts/safe/audits`](./contracts/safe/audits/README.md) | + +### Conventions + +#### Git tags + +Each package uses its own scoped semver tag: `-vX.Y.Z`. See the Tag prefix column above. 
+ +- For **upgradable** contracts, a tag is a candidate source snapshot for a proxy upgrade; the matching row in the package's status matrix is filled in once the tag has been audited and/or deployed. +- For **immutable** contracts, a tag is the source snapshot for a specific on-chain deployment. + +#### Verification tracks + +Columns used in each package's status matrix: + +- **Pre-deploy audit** — external audit on the source contracts and deployment scripts before deployment. +- **Post-deploy audit** — external review of the deployed bytecode, configuration, and state against the audited source. +- **Fuzzing and invariants** — property-based fuzzing and invariant tests run against the release. + +#### Status + +Each row in a package's status matrix carries a **Status** value indicating where that tag sits in its lifecycle: + +- **Upcoming** — tag is planned or in audit, not yet deployed. +- **Active** — tag is the currently deployed source for at least one chain. +- **Sunset** — tag has been superseded by a later version and is no longer the active deployment. +- **Skipped** — tag existed (and may have been audited) but was never deployed and has been passed over in favor of a later version. + +#### Deployed addresses + +See [`docs/addresses/`](./docs/addresses/README.md) for the current on-chain addresses of each package across all supported chains. diff --git a/contracts/confidential-token-wrappers-registry/audits/README.md b/contracts/confidential-token-wrappers-registry/audits/README.md new file mode 100644 index 00000000..ccddc797 --- /dev/null +++ b/contracts/confidential-token-wrappers-registry/audits/README.md 
@@ -0,0 +1,20 @@ +# Confidential Token Wrappers Registry — Audit & verification status + +Tracks the security verification status for each released version of the `confidential-token-wrappers-registry` contracts. + +- Package source: [`contracts/confidential-token-wrappers-registry`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `registry-vX.Y.Z`. These contracts are upgradable (UUPS), so a tag is a candidate source snapshot for a proxy upgrade. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ----------------- | ------ | ---------------- | ----------------- | --------------- | +| `registry-v1.0.0` | [`76dbe8f`](https://github.com/zama-ai/protocol-apps/commit/76dbe8f0bb8d254650b5e6644423c2dbc6fb6117) | - | - | Active | +| `registry-v1.0.1` | [`373c5f2`](https://github.com/zama-ai/protocol-apps/commit/373c5f29ee6e9b45a379470488a83cb20b324bdf) | ✅ | TBD | Upcoming | diff --git a/contracts/confidential-wrapper/audits/README.md b/contracts/confidential-wrapper/audits/README.md new file mode 100644 index 00000000..6906c657 --- /dev/null +++ b/contracts/confidential-wrapper/audits/README.md 
@@ -0,0 +1,20 @@ +# Confidential Wrapper — Audit & verification status + +Tracks the security verification status for each released version of the `confidential-wrapper` contracts. + +- Package source: [`contracts/confidential-wrapper`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `wrapper-vX.Y.Z`. These contracts are upgradable (UUPS), so a tag is a candidate source snapshot for a proxy upgrade. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ---------------- | ------ | ---------------- | ----------------- | --------------- | +| `wrapper-v1.0.0` | [`ac9f9ca`](https://github.com/zama-ai/protocol-apps/commit/ac9f9ca247328ad89dd3084854f71585fdd0c39c) | - | - | Active | +| `wrapper-v2.0.0` | [`b06eb26`](https://github.com/zama-ai/protocol-apps/commit/b06eb263d64c788a27b6bc1baf46b7547f7ec594) | ✅ | TBD | Upcoming | diff --git a/contracts/feesBurner/audits/README.md b/contracts/feesBurner/audits/README.md new file mode 100644 index 00000000..bba5563e --- /dev/null +++ b/contracts/feesBurner/audits/README.md 
@@ -0,0 +1,19 @@ +# Fees Burner — Audit & verification status + +Tracks the security verification status for each released version of the `feesBurner` contracts (`ProtocolFeesBurner`, `FeesSenderToBurner`). + +- Package source: [`contracts/feesBurner`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Gateway mainnet](../../../docs/addresses/mainnet/gateway.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md), [Gateway testnet](../../../docs/addresses/testnet/gateway.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `fees-vX.Y.Z`. Contracts are immutable, so each tag is the source snapshot for a specific on-chain deployment. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ------------- | ------ | ---------------- | ----------------- | ------------- | +| `fees-v1.0.0` | [`b8cbe46`](https://github.com/zama-ai/protocol-apps/commit/b8cbe46dadac9a69deec2a9fe0fa5ea1478a7c0a) | ✅ | - | Active | diff --git a/contracts/governance/audits/README.md b/contracts/governance/audits/README.md new file mode 100644 index 00000000..6312b398 --- /dev/null +++ b/contracts/governance/audits/README.md 
@@ -0,0 +1,19 @@ +# Governance — Audit & verification status + +Tracks the security verification status for each released version of the `governance` contracts. + +- Package source: [`contracts/governance`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Gateway mainnet](../../../docs/addresses/mainnet/gateway.md), [BSC](../../../docs/addresses/mainnet/bsc.md), [HyperEVM](../../../docs/addresses/mainnet/hyper_evm.md), [Solana](../../../docs/addresses/mainnet/solana.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md), [Gateway testnet](../../../docs/addresses/testnet/gateway.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `governance-vX.Y.Z`. These contracts are immutable, so each tag is the source snapshot for a specific on-chain deployment. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ------------------- | ------ | ---------------- | ----------------- | ------------- | +| `governance-v1.0.0` | [`14ec881`](https://github.com/zama-ai/protocol-apps/commit/14ec881d6beadae49120354ded440f6f4766412e) | ✅ | ✅ | Active | diff --git a/contracts/pauserSetWrapper/audits/README.md b/contracts/pauserSetWrapper/audits/README.md new file mode 100644 index 00000000..d93c8a0c --- /dev/null +++ b/contracts/pauserSetWrapper/audits/README.md 
@@ -0,0 +1,19 @@ +# Pauser Set Wrapper — Audit & verification status + +Tracks the security verification status for each released version of the `pauserSetWrapper` contracts. + +- Package source: [`contracts/pauserSetWrapper`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `pauserSetWrapper-vX.Y.Z`. These contracts are immutable, so each tag is the source snapshot for a specific on-chain deployment. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ------------------------- | ------ | ---------------- | ----------------- | ------------- | +| `pauserSetWrapper-v1.0.0` | [`b934741`](https://github.com/zama-ai/protocol-apps/commit/b934741e2f59ab7793d67ab34203a1ce9c9677c9) | ✅ | - | Active | diff --git a/contracts/safe/audits/README.md b/contracts/safe/audits/README.md new file mode 100644 index 00000000..c19a51cb --- /dev/null +++ b/contracts/safe/audits/README.md 
@@ -0,0 +1,19 @@ +# Safe (Admin Module) — Audit & verification status + +Tracks the security verification status for each released version of the `safe` contracts (`AdminModule`). + +- Package source: [`contracts/safe`](../) +- Deployed addresses: [Gateway mainnet](../../../docs/addresses/mainnet/gateway.md), [Gateway testnet](../../../docs/addresses/testnet/gateway.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `safe-vX.Y.Z`. These contracts are immutable, so each tag is the source snapshot for a specific on-chain deployment. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ------------- | ------ | ---------------- | ----------------- | ------------- | +| `safe-v1.0.0` | [`c414e53`](https://github.com/zama-ai/protocol-apps/commit/c414e538367d97f15dcfecce411873d1411f6269) | ✅ | ✅ | Active | diff --git a/contracts/solanaOFT/audits/README.md b/contracts/solanaOFT/audits/README.md new file mode 100644 index 00000000..d94059f2 --- /dev/null +++ b/contracts/solanaOFT/audits/README.md 
@@ -0,0 +1,19 @@ +# Solana OFT — Audit & verification status + +Tracks the security verification status for each released version of the `solanaOFT` program (Solana-side of the ZAMA OFT). + +- Package source: [`contracts/solanaOFT`](../) +- Deployed addresses: [Solana mainnet](../../../docs/addresses/mainnet/solana.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `solanaOFT-vX.Y.Z`. The program is immutable, so each tag is the source snapshot for a specific on-chain deployment. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Deploy status | +| ------------------ | ------ | ---------------- | ----------------- | ------------- | +| `solanaOFT-v1.0.0` | [`f771d55`](https://github.com/zama-ai/protocol-apps/commit/f771d550eac70616832fc1b4370d2bb753a3a850) | ✅ | ✅ | Active | diff --git a/contracts/staking/audits/README.md b/contracts/staking/audits/README.md new file mode 100644 index 00000000..a3a1cc6c --- /dev/null +++ b/contracts/staking/audits/README.md 
@@ -0,0 +1,25 @@ +# Staking — Audit & verification status + +Tracks the security verification status for each released version of the `staking` contracts. + +- Package source: [`contracts/staking`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `staking-vX.Y.Z`. These contracts are mixed upgradable and immutable, so each tag is the source snapshot for a proxy upgrade or a specific immutable on-chain deployment. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | Post-deploy audit | Fuzzing and invariants | Deploy status | +| ---------------- | ------ | ---------------- | ----------------- | ----------------------- | -------------- | +| `staking-v0.1.0` | [`b9869f6`](https://github.com/zama-ai/protocol-apps/commit/b9869f6016f88821550e98c414c725464da30cb9) | ✅ | - | - | Skipped | +| `staking-v1.0.0` | [`b631f17`](https://github.com/zama-ai/protocol-apps/commit/b631f175722f81f80ee05f94e5508261e552b341) | ✅ | ✅ | 🟡 | Active (*) | +| `staking-v1.0.1-luganodes` | [`5c5e705`](https://github.com/zama-ai/protocol-apps/commit/5c5e705fb79827cd459f014a931c22efd698654c) | ✅ | ✅ | 🟡 | Active (**) | + +Legend: +- (*) The tag is the currently deployed source for all operators EXCEPT `Luganodes`. +- (**) The tag is the currently deployed source for the `Luganodes` operator ONLY. \ No newline at end of file diff --git a/contracts/token/audits/README.md b/contracts/token/audits/README.md new file mode 100644 index 00000000..3b181418 --- /dev/null +++ b/contracts/token/audits/README.md 
@@ -0,0 +1,27 @@ +# Token — Audit & verification status + +Tracks the security verification status of the token contracts (`ZamaERC20`, `ZamaOFTAdapter`, `ZamaOFT`) per chain. Each chain deployment has its own audit scope, so the matrix is grouped by chain. + +- Package source: [`contracts/token`](../) +- Deployed addresses: [Ethereum mainnet](../../../docs/addresses/mainnet/ethereum.md), [Gateway mainnet](../../../docs/addresses/mainnet/gateway.md), [BSC](../../../docs/addresses/mainnet/bsc.md), [HyperEVM](../../../docs/addresses/mainnet/hyper_evm.md), [Sepolia testnet](../../../docs/addresses/testnet/sepolia.md), [Gateway testnet](../../../docs/addresses/testnet/gateway.md) +- Solana OFT: tracked separately in [`solanaOFT` audits](../../solanaOFT/audits/README.md) +- Top-level index: [`SECURITY.md`](../../../SECURITY.md) + +## Git tag convention + +Releases are tagged from the repo root as `token-vX.Y.Z`. These contracts are immutable, so each tag is the source snapshot for a specific on-chain deployment. A single tag covers all EVM chain deployments of that version. + +## Verification status + +Legend: ✅ completed · 🟡 in progress · — not applicable · TBD to be filled in. + +| Tag | Commit | Pre-deploy audit | +| -------------- | ------ | ---------------- | +| `token-v1.0.0` | [`157e6c4`](https://github.com/zama-ai/protocol-apps/commit/157e6c4aaa2283f48aeecc7b900146bc3f62bbe1) | ✅ | + +| Chain | Tag | Post-deploy audit | Deploy status | +| ---------------- | -------------- | ----------------- | ---------------- | +| Ethereum | `token-v1.0.0` | ✅ | ✅ | +| Gateway | `token-v1.0.0` | ✅ | ✅ | +| BSC | `token-v1.0.0` | ✅ | ✅ | +| HyperEVM | `token-v1.0.0` | ✅ | ✅ | \ No newline at end of file
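Review bot: In the `SECURITY.md` hunk, the path template `contracts//audits/README.md` and the tag template `-vX.Y.Z` have both lost their placeholder segment (an angle-bracket placeholder is parsed as an HTML tag when not in backticks); write them as `contracts/<package>/audits/README.md` and `<prefix>-vX.Y.Z`. The "Verification tracks" section says the three tracks are the columns used in each package's matrix, yet only the staking matrix has a "Fuzzing and invariants" column, so either state that the column is optional or add it with a not-applicable marker elsewhere. The "Status" section names the column `Status` while every package matrix labels it `Deploy status`; align the two. Finally, the unchanged context still sends reporters to `zama-ai/fhevm/security/advisories/new` while every commit link added in this patch points at `zama-ai/protocol-apps`; confirm that advisories for these contracts are meant to be filed against the fhevm repository.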
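Review bot: In `contracts/confidential-token-wrappers-registry/audits/README.md`, `registry-v1.0.0` is marked `Active` with a dash in both audit columns; per the legend a dash means not applicable, which for a live mainnet deployment states that no audit was required rather than that none was done. If the audits simply have not happened, the cells should read `TBD` (or 🟡), and if they are genuinely out of scope a footnote should say why. The cells also use an ASCII hyphen while the legend defines an em dash for not applicable; pick one so the marker can be matched reliably.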
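Review bot: In `contracts/confidential-wrapper/audits/README.md`, `wrapper-v1.0.0` has the same problem: it is the `Active` source on mainnet yet both audit columns carry the not-applicable marker, so readers cannot tell whether the deployed wrapper was ever audited. Use `TBD` for work not yet done and reserve the dash for tracks that truly do not apply. Since `wrapper-v2.0.0` is a major bump on a UUPS proxy, consider recording in its post-deploy row that the review covered the upgrade itself (storage layout against `wrapper-v1.0.0` and the proxy's authorised upgrader), not only the new implementation bytecode.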
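Review bot: In `contracts/feesBurner/audits/README.md`, `fees-v1.0.0` is `Active` with the post-deploy audit marked not applicable, but `SECURITY.md` defines the post-deploy audit as a standard track (deployed bytecode, configuration and state checked against the audited source), and that check is exactly what matters for an immutable contract that is already live on Ethereum and Gateway mainnet. Mark it `TBD` or 🟡 unless there is a stated reason it does not apply.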
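Review bot: In `contracts/pauserSetWrapper/audits/README.md`, the `pauserSetWrapper-v1.0.0` row marks the post-deploy audit as not applicable for an `Active` immutable deployment; as with the fees burner, this should be `TBD` (or 🟡) rather than a dash unless the file explains why the deployed bytecode and configuration were not verified against the audited commit.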
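Review bot: In `contracts/solanaOFT/audits/README.md`, the sentence "The program is immutable" needs to say how that is enforced: a Solana program deployed through the upgradeable BPF loader stays upgradeable until its upgrade authority is removed, so immutability is a property of the deployment, not of the tag. State that the upgrade authority has been set to none (and ideally note that the ✅ post-deploy audit verified this), otherwise the "immutable" label in `SECURITY.md` cannot be checked from this file.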
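Review bot: In `contracts/staking/audits/README.md`, the footnote block is labelled `Legend:` a second time, which collides with the symbol legend above the table; call it `Notes:`. The tag `staking-v1.0.1-luganodes` does not follow the `staking-vX.Y.Z` convention stated two sections earlier, and `Active (*)` / `Active (**)` are not values of the `Status` vocabulary defined in `SECURITY.md`; a per-operator deployment split would be clearer as a separate `Operators` column (e.g. "all except Luganodes" / "Luganodes only") with both rows plainly `Active`, or as a new top-level status defined alongside the other four. "Mixed upgradable and immutable" should also name which contracts are which, since the meaning of a tag (candidate snapshot for a proxy upgrade versus snapshot of a specific deployment) differs between the two. The file is missing its trailing newline.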
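Review bot: In `contracts/token/audits/README.md`, the per-chain table fills the `Deploy status` column with ✅ instead of one of `Upcoming` / `Active` / `Sunset` / `Skipped` from `SECURITY.md`; these rows should read `Active`. The "Deployed addresses" list also points at Sepolia and Gateway testnet, but neither has a row in the per-chain matrix; either add rows or state that testnet deployments are not tracked here. The file is missing its trailing newline.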