You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: learn/security.md
+11-11
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ some missing links will need to be added when pages are created
12
12
At its core, Wormhole is secured by a network of [Guardian](#){target=\_blank} nodes that validate and sign messages. If a super majority (e.g., 13 out of 19) of Guardians sign the same message, it can be considered valid. A smart contract on the target chain will verify the signatures and format of the message before approving any transaction.
13
13
14
14
- Wormhole's core security primitive is its signed messages (signed VAAs)
15
-
- The Guardian network is currently secured by a collection of 19 of the world's top **[validator companies](https://wormhole-foundation.github.io/wormhole-dashboard/#/?endpoint=Mainnet){target=\_blank}**
15
+
- The Guardian network is currently secured by a collection of 19 of the world's top [validator companies](https://wormhole-foundation.github.io/wormhole-dashboard/#/?endpoint=Mainnet){target=\_blank}
16
16
- Guardians produce signed state attestations (signed VAAs) when requested by a Core Contract integrator
17
17
- Every Guardian runs full nodes (rather than light nodes) of every blockchain in the Wormhole network, so if a blockchain suffers a consensus attack or hard fork, the blockchain will disconnect from the network rather than potentially produce invalid signed VAAs
18
18
- Any Signed VAA can be verified as authentic by the Core Contract of any other chain
@@ -46,7 +46,7 @@ Via governance, the Guardians can:
46
46
- Expand the Guardian set
47
47
- Upgrade ecosystem contract implementations
48
48
49
-
The governance system is fully open source in the core repository. See the **[Open Source section](#){target=\_blank}** for contract source.
49
+
The governance system is fully open source in the core repository. See the [Open Source section](#){target=\_blank} for contract source.
50
50
51
51
## Monitoring
52
52
@@ -58,7 +58,7 @@ Guardians monitor:
58
58
59
59
- Block production and consensus of each blockchain - if a blockchain's consensus is violated, it will be disconnected from the network until the Guardians resolve the issue
60
60
- Smart contract level data - via processes like the Governor, Guardians constantly monitor the circulating supply and token movements across all supported blockchains
61
-
- Guardian level activity - the Guardian Network functions as an autonomous decentralized computing network, complete with its blockchain (**[Gateway](#){target=\_blank}**)
61
+
- Guardian level activity - the Guardian Network functions as an autonomous decentralized computing network, complete with its blockchain ([Gateway](#){target=\_blank})
62
62
63
63
## Gateway And Asset Layer Protections
64
64
@@ -70,7 +70,7 @@ This enables additional protection for the Wormhole Asset Layer in addition to t
70
70
71
71
-**Global Accountant** - the accountant tracks the total circulating supply of all Wormhole assets across all chains and prevents any blockchain from bridging assets which would violate the supply invariant
72
72
73
-
In addition to the Global Accountant, Guardians may only sign transfers that do not violate the requirements of the Governor. The **[Governor](https://github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0007_governor.md){target=\_blank}** tracks inflows and outflows of all blockchains and delays suspicious transfers that may indicate an exploit.
73
+
In addition to the Global Accountant, Guardians may only sign transfers that do not violate the requirements of the Governor. The [Governor](https://github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0007_governor.md){target=\_blank} tracks inflows and outflows of all blockchains and delays suspicious transfers that may indicate an exploit.
74
74
75
75
## Open Source
76
76
@@ -82,7 +82,7 @@ Wormhole builds in the open and is always open source.
82
82
83
83
## Audits
84
84
85
-
Wormhole has been heavily audited, with **29 third-party audits completed** and more started.
85
+
Wormhole has been heavily audited, with _29 third-party audits completed_ and more started.
86
86
87
87
Wormhole has had audits performed by the following firms, and continues to seek more:
88
88
@@ -96,23 +96,23 @@ Wormhole has had audits performed by the following firms, and continues to seek
96
96
- Coinspect
97
97
- Halborn
98
98
99
-
**[The most up-to-date list of audits, as well as the final reports](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#3rd-party-security-audits){target=\blank}**.
99
+
[The most up-to-date list of audits, as well as the final reports](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#3rd-party-security-audits){target=\blank}.
100
100
101
101
## Bug Bounties
102
102
103
103
Wormhole has one of the largest bug bounty programs in software development and has repeatedly shown commitment to engaging with the white hat community.
104
104
105
105
Wormhole hosts two bug bounty programs:
106
106
107
-
- An **[Immunefi](https://immunefi.com/bug-bounty/wormhole/){target=\blank}** program
108
-
- As well as a **[self-hosted program](https://immunefi.com/bug-bounty/wormhole/){target=\blank}**
107
+
- An [Immunefi](https://immunefi.com/bug-bounty/wormhole/){target=\blank} program
108
+
- As well as a [self-hosted program](https://immunefi.com/bug-bounty/wormhole/){target=\blank}
109
109
110
-
Both platforms have a top payout of **2.5 million dollars**.
110
+
Both platforms have a top payout of _2.5 million dollars_.
111
111
112
-
If you are interested in contributing to Wormhole security, please look at this section for **[Getting Started as a White Hat](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#white-hat-hacking){target=\blank}**, and follow the **[Wormhole Contributor Guidelines](https://github.com/wormhole-foundation/wormhole/blob/main/CONTRIBUTING.md){target=\blank}**.
112
+
If you are interested in contributing to Wormhole security, please look at this section for [Getting Started as a White Hat](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#white-hat-hacking){target=\blank}, and follow the [Wormhole Contributor Guidelines](https://github.com/wormhole-foundation/wormhole/blob/main/CONTRIBUTING.md){target=\blank}.
113
113
114
114
For more information about submitting to the bug bounty programs, refer to the [Wormhole Immunefi page](https://immunefi.com/bug-bounty/wormhole/){target=\blank}.
115
115
116
116
## Learn More
117
117
118
-
The **[SECURITY.md](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md){target=\blank}** from the official repository has the latest security policies and updates.
118
+
The [SECURITY.md](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md){target=\blank} from the official repository has the latest security policies and updates.
0 commit comments