CosmWasm 1.0 code audit started

Simon Warta, published in CosmWasm, Nov 11, 2021

We released CosmWasm 1.0.0-beta as a version of the software that we consider feature complete but unaudited. The missing code audit is now ongoing.


CosmWasm consists of several software components written in Rust and Go. The audit is broken down into the following scopes of work:

  • Scope 1: cosmwasm
    This includes the standard library cosmwasm-std, which is compiled into the contracts, cosmwasm-vm, which hosts the contracts, as well as various utilities for both. These are packages from the CosmWasm/cosmwasm monorepo, written in Rust.
  • Scope 2: wasmvm
    CosmWasm/wasmvm is the border between the VM implementation in Rust and the Go world, which allows the integration into a Cosmos SDK based blockchain. All communication goes through a C interface (FFI). It also translates between garbage-collected memory in Go and deterministic memory management in Rust.
  • Scope 3: wasmd
    The repository CosmWasm/wasmd contains the Cosmos SDK module x/wasm as well as an example standalone blockchain application called wasmd.

Since October 25th the auditing company Oak Security has been auditing scope 1. Scope 2 will follow immediately after that. Oak Security has a track record in auditing CosmWasm smart contracts and is familiar with the technology and ecosystem. We expect the audit reports for scopes 1 & 2 to be done by Christmas.

Scope 3 will follow in Q1 next year, carried out by a not yet finalized auditor specializing in the Cosmos SDK.

Bugs and fixes

If bugs come up during the audit, they will be fixed quickly by Confio. We’ll prepare releases and give early notice in case anything critical is on the horizon. We don’t have a process formalized yet, but you can expect careful and responsible behaviour by the maintainers and a process loosely inspired by Cosmos SDK and Tendermint. Following @CosmWasm on Twitter is a good idea in any case.

The wasmvm fix released yesterday as 0.16.2 and 1.0.0-beta2 was not related to the audit.

Our partners

Confio coordinates the audit as the maintainer of the core CosmWasm components. But we couldn’t have done this without the generous commitments of our CosmWasm 1.0 audit sponsors. Those organizations show that when each CosmWasm user commits some resources and funds, a better CosmWasm becomes freely available to everyone as open source.

Platinum, Gold, Silver sponsors for CosmWasm 1.0 security audit

Platinum Level sponsor

Interchain Foundation supports research and development in open, decentralized networks focusing on the Cosmos blockchain ecosystem.

Gold Level sponsors

Crypto.com, founded in 2016, today serves over 10 million customers with the world’s fastest-growing crypto app along with the Crypto.com Visa card, Exchange, DeFi wallet, and NFT. With headquarters in Singapore and over 2,600 people in offices across the Americas, Europe, and Asia, Crypto.com is accelerating the world’s transition to cryptocurrency.

Provenance blockchain is a public blockchain network designed and developed to support financial service industry needs by providing a ledger, registry, and exchange across multiple financial assets and markets. It’s an open-source ecosystem for developing and deploying blockchain-based DeFi apps.

Silver Level sponsors

Comdex is a decentralized synthetics protocol built on the Cosmos SDK. Comdex enables users to create and trade a range of commodity synthetics and debt assets using Cosmos ecosystem assets as collateral.

cyber~Congress is helping humanity to evolve by the deployment of collective intelligence or Superintelligence (Cyber) and empowering everyone with immortal software robots (Cyb) for the emergent Great Web.

Fetch.ai is a protocol for delivering intelligent automation to web3 using the power of multi-agent systems. These agents can autonomously manage DeFi assets across chains using peer-to-peer communication networks. The Fetch.ai network supports agent identity and advanced cryptographic protocols that make use of our high-performance CosmWasm VM and smart contracts.

NYM is a decentralized and incentivized privacy network. It is made up of a mixnet that protects users’ data at the network level by hiding the metadata of communications, and the anonymous credentials for privacy at the application layer.

Persistence is enabling exposure to multiple asset classes such as Liquid Staking (pSTAKE), NFTs (Asset Mantle), and Synthetics to create an ecosystem of multi-chain Web3 products designed to stimulate global liquidity and enable seamless value exchange. Persistence is also working on developing inter-chain NFT and Metadata standards along with leading Proof-of-Stake networks/foundations.

What next?

We will announce the full audit plan when scope 3 is finalized, so stay tuned and follow our Twitter.

Subscribe to CosmWasm medium, check out our code on GitHub, read the docs, and join our Discord server for support.
