@woben.near [Posted on Developer DAO Board](https://near.social/#/devgovgigs.near/widget/Post?id=556)

## Idea: nearcore security audit RFP

The protocol working group would like to conduct a security audit on [nearcore](https://github.com/near/nearcore), the implementation of Near Protocol. The security audit should focus primarily on identifying critical vulnerabilities, i.e., those that could potentially lead to a loss of funds or unauthorized minting of tokens.

Here are a few suggested areas of focus for auditors:

* Block and chunk production and validation logic. The focus should be on whether a malicious block or chunk producer could produce an invalid block or chunk that passes validation and that allows them to steal funds or mint tokens illegally.
* Transaction and receipt validation logic. Transactions and receipts should be unique globally, i.e., no transaction or receipt should be recorded onchain twice in the entire blockchain history. A receipt must be generated by a transaction or another receipt and cannot be created out of thin air.
* Staking reward distribution. Staking reward distribution should be fully compliant with the economics of Near and no malicious attacker should be able to alter how the rewards are created or distributed.
* Light client and interoperability. A malicious attacker should not be able to prove to a light client a transaction that does not actually exist on chain.

The security audit outcome should be a report that details the findings of the audit. As part of the report, suggested remediation steps will also need to be included. The protocol working group is responsible for reviewing the audit and coordinating with DevHub for the payment.

To apply to become an auditor, please reply to this post with your qualifications and proposed plan and budget. The protocol working group will work with the security working group to select qualified auditors from the applicants.