From 11169e5f1777024f0d2e2e6cce6f0f6efc9ed9e8 Mon Sep 17 00:00:00 2001
From: Nicolas Gailly
Date: Thu, 31 Oct 2024 10:24:44 +0100
Subject: [PATCH] Update audit section with reports for SnarkPack (#1261)

* Update audit section with reports for SnarkPack
* Remove broken link to inaccessible security report
* Prettier format
* Fix husky pre-commit hook
---------
Co-authored-by: Ian Davis
---
 content/appendix/audit_reports.md | 8 ++++++++
 package.json | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/content/appendix/audit_reports.md b/content/appendix/audit_reports.md
index c03051c9e..bf81591b1 100644
--- a/content/appendix/audit_reports.md
+++ b/content/appendix/audit_reports.md
@@ -55,6 +55,14 @@ This audit covers the implementation of Filecoin's builtin Actors, focusing on t
 
 ## Proofs
 
+### `2021-05-31` SnarkPack audit
+
+An audit was conducted on the cryptographic part of [SnarkPack](https://eprint.iacr.org/2021/529.pdf), that is used in the [FIP0009](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0009.md):
+
+- [Report](https://hackmd.io/@LIRa8YONSwKxiRz3cficng/B105no8w_) from Matteo Campanelli, a well known cryptography [researcher](https://www.binarywhales.com/)
+
+One major issue was found in the report by Campanelli where the challenges of each prove commits were not tied to the aggregated proof; this could have led up to malicious miner forge valid aggregated proofs without the individual prove commits. The rest of the issues were of medium to informal severity.
+
 ### `2020-10-20` Filecoin Bellman and BLS Signatures
 
 - Report: [**Filecoin Bellman/BLS Signatures Cryptography Review**](https://research.nccgroup.com/wp-content/uploads/2020/10/NCC_Group_ProtocolLabs_PRLB007_Report_2020-10-20_v1.0.pdf)
diff --git a/package.json b/package.json
index 6999df601..a18b949f5 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
 "globby": "^11.0.1",
 "graphviz-cli": "^2.0.0",
 "hugo-extended": "^0.113.0",
- "husky": ">=4",
+ "husky": "^4.3.8",
 "jsdom": "^22.1.0",
 "lint-staged": ">=10",
 "np": "^6.5.0",
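Review bot: `"lint-staged": ">=10"` two lines below the husky entry still uses the open-ended range that this hunk replaces for husky, so an install that is not constrained by a lockfile can resolve to any future major of a tool that runs code in the pre-commit hook. Bound it the same way, for example `"lint-staged": "^10.0.0"`, using the major the lockfile currently resolves to (the resolved version is not visible here). The dependency list continues outside the hunk, so other `>=` ranges may need the same treatment.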