Security reviews of core network components #410 - Milestone 11: _(SCAN) Scan_
OPENIssue
650K CC requested
digitalasset
Milestone 11: _(SCAN) Scan_
- Scope: The Scan API is the second API (next to the sequencer public API) in the Canton Network that is publicly exposed to the Internet. A third-party security audit is required in order to prepare for the removal of the IP whitelisting. This milestone therefore focuses on reviewing the API and the implementation of the backend for possible vulnerabilities.
- Estimated Delivery: Q1 2027
- Estimated Effort: 12PW
- Selected Independent Auditor: RFQ
| Milestone | Description | Amount | Note | |---|---|---|---| | _(SCAN) Scan_ | Audit 11 | 650,000 CC | For DA upon completion of audit and remediation of all high-severity findings, and an approximate budget of up to 350,000 CC for the third-party auditor.This section can be repeated multiple times if additional audits are required. |
Total Funding Request: 6,420,000 CC for DA and a budget of up to 3,850,000 CC for the 11 third-party audits.
_Originally posted by @pedrodneves in https://github.com/canton-foundation/canton-dev-fund/issues/410#issuecomment-4908024445_