From 3114c1e55e851bda80dbb1cd58ad64bcef910a14 Mon Sep 17 00:00:00 2001 From: Ilaria Enache Date: Mon, 29 Jul 2024 12:44:41 +0200 Subject: [PATCH] update security page --- learn/security.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/learn/security.md b/learn/security.md index 2bc9d49f..dada2890 100644 --- a/learn/security.md +++ b/learn/security.md @@ -12,7 +12,7 @@ some missing links will need to be added when pages are created At its core, Wormhole is secured by a network of [Guardian](#){target=\_blank} nodes that validate and sign messages. If a super majority (e.g., 13 out of 19) of Guardians sign the same message, it can be considered valid. A smart contract on the target chain will verify the signatures and format of the message before approving any transaction. - Wormhole's core security primitive is its signed messages (signed VAAs) -- The Guardian network is currently secured by a collection of 19 of the world's top **[validator companies](https://wormhole-foundation.github.io/wormhole-dashboard/#/?endpoint=Mainnet){target=\_blank}** +- The Guardian network is currently secured by a collection of 19 of the world's top [validator companies](https://wormhole-foundation.github.io/wormhole-dashboard/#/?endpoint=Mainnet){target=\_blank} - Guardians produce signed state attestations (signed VAAs) when requested by a Core Contract integrator - Every Guardian runs full nodes (rather than light nodes) of every blockchain in the Wormhole network, so if a blockchain suffers a consensus attack or hard fork, the blockchain will disconnect from the network rather than potentially produce invalid signed VAAs - Any Signed VAA can be verified as authentic by the Core Contract of any other chain @@ -46,7 +46,7 @@ Via governance, the Guardians can: - Expand the Guardian set - Upgrade ecosystem contract implementations -The governance system is fully open source in the core repository. See the **[Open Source section](#){target=\_blank}** for contract source. +The governance system is fully open source in the core repository. See the [Open Source section](#){target=\_blank} for contract source. ## Monitoring @@ -58,7 +58,7 @@ Guardians monitor: - Block production and consensus of each blockchain - if a blockchain's consensus is violated, it will be disconnected from the network until the Guardians resolve the issue - Smart contract level data - via processes like the Governor, Guardians constantly monitor the circulating supply and token movements across all supported blockchains -- Guardian level activity - the Guardian Network functions as an autonomous decentralized computing network, complete with its blockchain (**[Gateway](#){target=\_blank}**) +- Guardian level activity - the Guardian Network functions as an autonomous decentralized computing network, complete with its blockchain ([Gateway](#){target=\_blank}) ## Gateway And Asset Layer Protections @@ -70,7 +70,7 @@ This enables additional protection for the Wormhole Asset Layer in addition to t - **Global Accountant** - the accountant tracks the total circulating supply of all Wormhole assets across all chains and prevents any blockchain from bridging assets which would violate the supply invariant -In addition to the Global Accountant, Guardians may only sign transfers that do not violate the requirements of the Governor. The **[Governor](https://github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0007_governor.md){target=\_blank}** tracks inflows and outflows of all blockchains and delays suspicious transfers that may indicate an exploit. +In addition to the Global Accountant, Guardians may only sign transfers that do not violate the requirements of the Governor. The [Governor](https://github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0007_governor.md){target=\_blank} tracks inflows and outflows of all blockchains and delays suspicious transfers that may indicate an exploit. ## Open Source @@ -82,7 +82,7 @@ Wormhole builds in the open and is always open source. ## Audits -Wormhole has been heavily audited, with **29 third-party audits completed** and more started. +Wormhole has been heavily audited, with _29 third-party audits completed_ and more started. Wormhole has had audits performed by the following firms, and continues to seek more: @@ -96,7 +96,7 @@ Wormhole has had audits performed by the following firms, and continues to seek - Coinspect - Halborn -**[The most up-to-date list of audits, as well as the final reports](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#3rd-party-security-audits){target=\blank}**. +[The most up-to-date list of audits, as well as the final reports](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#3rd-party-security-audits){target=\blank}. ## Bug Bounties @@ -104,15 +104,15 @@ Wormhole has one of the largest bug bounty programs in software development and Wormhole hosts two bug bounty programs: -- An **[Immunefi](https://immunefi.com/bug-bounty/wormhole/){target=\blank}** program -- As well as a **[self-hosted program](https://immunefi.com/bug-bounty/wormhole/){target=\blank}** +- An [Immunefi](https://immunefi.com/bug-bounty/wormhole/){target=\blank} program +- As well as a [self-hosted program](https://immunefi.com/bug-bounty/wormhole/){target=\blank} -Both platforms have a top payout of **2.5 million dollars**. +Both platforms have a top payout of _2.5 million dollars_. -If you are interested in contributing to Wormhole security, please look at this section for **[Getting Started as a White Hat](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#white-hat-hacking){target=\blank}**, and follow the **[Wormhole Contributor Guidelines](https://github.com/wormhole-foundation/wormhole/blob/main/CONTRIBUTING.md){target=\blank}**. +If you are interested in contributing to Wormhole security, please look at this section for [Getting Started as a White Hat](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md#white-hat-hacking){target=\blank}, and follow the [Wormhole Contributor Guidelines](https://github.com/wormhole-foundation/wormhole/blob/main/CONTRIBUTING.md){target=\blank}. For more information about submitting to the bug bounty programs, refer to the [Wormhole Immunefi page](https://immunefi.com/bug-bounty/wormhole/){target=\blank}. ## Learn More -The **[SECURITY.md](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md){target=\blank}** from the official repository has the latest security policies and updates. +The [SECURITY.md](https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md){target=\blank} from the official repository has the latest security policies and updates.