Title: Litecoin v0.8.3.7 audit report Post by: Peter Todd on July 31, 2013, 10:20:39 PM https://s3.amazonaws.com/peter.todd/litecoin-v0.8.3.7-audit-report.tar.bz2 or https://s3.amazonaws.com/peter.todd/litecoin-v0.8.3.7-audit-report.zip
Individual files: https://s3.amazonaws.com/peter.todd/litecoin-v0.8.3.7-audit-report/report.txt.asc https://s3.amazonaws.com/peter.todd/litecoin-v0.8.3.7-audit-report/40809aed-1b5cb086.diff https://s3.amazonaws.com/peter.todd/litecoin-v0.8.3.7-audit-report/litecoin-0.8.3.x-code-audit-agreement.txt.asc report.txt.asc SHA256 hash: 24832b4b8411f3fbcc98b96bdfaaf90f4aeac39a7fbfb491bff5a76d23859dbd I thought this would be of interest to Bitcoin people as well; AFAIK this is the first attempt anyone has made to formally audit a crypto-coin release in any way. I can't claim to have any special skills in that regard other than a good knowledge of Bitcoin, but it's a decent first try at least. Title: Re: Litecoin v0.8.3.7 audit report Post by: Peter Todd on August 07, 2013, 08:32:03 PM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Litecoin bug bounty statement ============================= Aug 7th 2013 Bounties denominated in Bitcoins can be paid to the following address: 1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv Bounties denominated in Litecoins can be paid to this address: LZRVtL2tH7wWcob2HGqzNjU4YPnYUj2h8x You'll note they both correspond to the same scriptPubKey. As discussed with Warren Togami and Charles Lee I will not spend the txouts associated with bug bounties received for Litecoin bugs denominated in Litecoins for a period of three months after those txouts are created. This was agreed upon to align my incentives with those of the Litecoin community. This statement, including my PGP signature, will be timestamped in the Bitcoin block chain. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJSAq7gAAoJECSBQD2l8JH7VjsH/2Il/YnPvTgrpfQs4/eM+Z91 xEqqhRSQtR3926z/UcTnlERfyYzii9NAbCKe6eR1+sSocl0aoryrFIcpoMVCet+1 jhs3fWuyTjzoWBWJqaomdzK/zatocCYwgZZnfN+32voB5SXitjE7EoUUYHHHpJRa 9aBs3tSW/Co6Sxr79mNHtOEjuwcxZEUi//4ZxNuAjbbor+6AhRZ+1b7RdN8ch5zO fichBh4gujufMZXu59dE5/A+YmlTj/CNCkuGZlATG8EzI3Ij9Vx63UqMp3WUQvFZ 2fTeqhOYJnRa9+new1oIX+QWrXc48dYINIC2Fkay5cIIuFpI5KqgyaIgyOkZtM8= =DAth -----END PGP SIGNATURE----- Title: Re: Litecoin v0.8.3.7 audit report Post by: Peter Todd on August 08, 2013, 08:55:01 AM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Litecoin Bonus Statement ======================== Aug 8th 2013 As an addition to my previous statement(1) regarding bug bounties, Warren pointed out that my contract also included more general bonuses like patches and advice. They too can go to the same address as for "bug bounties" and Litecoin denominated funds will also be held for a period of three months after the funds are received. 1) https://bitcointalk.org/index.php?topic=265582.msg2886501#msg2886501 SHA256: 82609f03e4dae2b55a475f638697ca9bd5be5488a38efbaf2bf4aedee485d506 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJSA1zAAAoJECSBQD2l8JH7g0gH/A3iZ0uhofkYNeHfAXxRPD3D 2TCW6X+Wk3U3dxJzfAG6sjEOgdYHlMWF1qZBePAaR+G/LNbCEvKfke1n3CU/grn7 fn6qf+cOGrFaJc23uc0XIt8m/yxvpqpyA0T6tz0w7+BaDhQgdHwEYyL/NZqPwHuF 9lbVvBRE7AHOKNKDVBEKlhUCURMrKI3l9nRG7F5gDTUpz2rM1hXVg7NkDBp/Pg9I jAV7DUhKxfdYWIVGXL5IiGx5/q4Vbo/z18VXDaZSfD1F0b8RiTRIlSyiPFG+MnxV zNqSfFH0OC1vuHYk1qxXEpaTBkkjPtsGZq8bvpVuFY1vKHLQE/DbUeYR4sh/mRc= =kPFK -----END PGP SIGNATURE----- Title: Re: Litecoin v0.8.3.7 audit report Post by: wtogami on August 08, 2013, 09:02:10 AM The bonus payment has been reduced slightly due to the verbosity of the above two statements.
<facepalm> Title: Re: Litecoin v0.8.3.7 audit report Post by: Peter Todd on August 08, 2013, 09:37:52 AM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 wtogami> The bonus payment has been reduced slightly due to the verbosity of the above two statements. wtogami> <facepalm> You're complaints have been noted and filed in triplicate. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJSA2BGAAoJECSBQD2l8JH7dA8H/0kdjHkDj+XjIwIxN3EsrTIV +sIc6NbHZBqOxT8TklB1iDgRwEJGHegGQql0Y4wsw8CQi4RiX7+dms/wHNFRBzL9 uhW0fodjxfzeZebqf3DrrwmLx2yH6XMc97nPAglcc1m3thsJk3b4evoTKNIHjsyd kCzGnDjGsR70gj2c54ToybrwWfAqffOkVZXOUrEiJOKK/RvBQJQ7UqAHt4U+eH1w nJVSLhKZdr3iqJBK9NqoX7giUc4cjF86FyI8hbxM/U8p6cmNWt+tveRUBIFhMATA D0b+gGnazNox6JPSSVmdZK5V99BhhgLiqjpLf9lSezVQgclSs6qqIseKUWn+6Qk= =1Rlz -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJSA2B0AAoJECqCA6OBPEql0nsIAKz9ts/pYR881UYv8EheQray WcTHOr4bhVw3tkgvLMDBgS1YEP0aQQec5Jx/SdUkl43HGLrN7ytf623u5fPZrfkZ XX0Kmn8yScR2v0hrMAV4OhWeGemaFSMXSJAohvyk7JRsDLgXJ2ixsF+eyswvl2sh b8lols69odjq+ChbTOfqTMAyZHQtLTI6PMC58spUGYdG/GDac45c7BcI71ubbwUk V3KuILq5K9J1yZ0RUPbiQ8lAn507gWEYZ46IwtCvH3cmzrpI94nemwOyXrbweuu1 HvVcv7q/OVx+JaQu9r9wrs3nR7mBQ0PlmT/RGyvAk/2LHHWvNOihD26gyG/+ugE= =fiqh -----END PGP SIGNATURE----- -----BEGIN OPENTIMESTAMPS TIMESTAMP----- Version: 0.2.1.5.2_BETA/Build#2462 (GNU/Linux; Ubuntu Precise Pangolin 12.04.2 LTS) Include: DATA, SIGS U2VyaW91c2x5LCB5b3UgaGF2ZSB3YXkgdG9vIG11Y2ggdGltZSBvbiB5b3VyIGhhbmRzLi4uCgpC dXQgaGVyZSdzIGEgQml0Y29pbjoKCjAxMDAwMDAwMDEyY2U1MjIyMGY5OGNlMTM5MThjY2Q2MDdi NDlhYzRmODcxODA3NWZjNTI2Yjg4M2UzNzc3YjM0MjNlMWJiY2Y5MDAwMDAwMDA2YTQ3MzA0NDAy MjAwOTNjZTYyNzM4MzA1MDczOWRmNmYyMjJkODBjMzcyMzJjN2VhM2UwZDFkY2E2ODg5NWZkMGJk M2QxNWNkMzllMDIyMDEyNzcxNDc0MTM1Y2Y4OTY3YWI3ZWVmYWM3ZDY0ZjViYTE5YjllOWFkYTM0 YWE3ZDUwZjE0ZTRmZDQ0MzdlNmE4MzIxMDJhYmJjZjRlMWU5MzE5N2E2NmE1NDYxZjIxNjQ2ZmQ2 NWNkZDk5ZWU5Y2QyODljMTBjOTNlOTgxOTY0ODQ4ZGIzZmZmZmZmZmYwMTAxZTFmNTA1MDAwMDAw MDAwMzc1YWJhYzAwMDAwMDAwCgpXaGF0PyBJIHdhc24ndCBleGFjdGx5IGdvaW5nIHRvIG1ha2Ug aXQgZWFzeS4KCkFsc28sIGhlcmUncyBzb21ldGhpbmcgZWxzZToKCmhRRU1Bd0FBQUFBQUFBQUFB UWdBdU1GQ210R2wxUVRERWlBVzRTRC9uY01nOUYwZTBQdVBZbmZwdFpzTmhCQTVFS1Y5eENhdURz cjkKRVh0SjJhTCtETTI3bm9ZMzljdXo1MXp2V0VhdTVZNVd4ZTIzZDVuQ2gxNngxeHluR2wxOEJw QWdYVlZoY29xTjNMZVBWU0RCb09FUwpSSXVTbVpWL3VNNkxDOVJkMFc5eGpsRitXL3IvNktaTVBq VmY5Vzh4VUpnYk1SOXNtSU5vU2VxbUhuWFpuSTByY3VReGR3S2NzVGtYCnR1S2ZPZ2R4K0x3L1dJ V1ZSSGdURlF2a0NvOE03cFBQQ3BvdC8wbHQwVnNGRC9zc0xWNDZxSGF0ZVNYalJEbG9PbDF1RTIv T1RNMW0Kcy9OWjI2cGN2SnB4S1E3Sy93RnFNd0JTU1U0bld0RDFWNmVrRWtNMGtRYzJVTnk0TU1i eXJkL3J3ZEtBQVpOY0JoVFhKWnBqNExJWgp3ZEtJdmoxRE1MUGk5TS92Z1JoeFV4YThvcm9hMSsv RFJqQUVLM3pZWCs0V2VMbllKZmE3Q1dBVmlscVdjeW1uc3RUT0NWWGtYT2dXClFUT1lVRzNCNmFn UzNkQ1Y3U284MEJKKzFWdW5QWXNkSDU5MEEvRlRWOGJzTktudXVlL1MwSFVrQmZhdHZ1anBzUVRr NDZPR3RsR0wKQTJzPQo= -----END OPENTIMESTAMPS TIMESTAMP----- Title: Re: Litecoin v0.8.3.7 audit report Post by: bg002h on November 16, 2013, 03:43:54 AM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 wtogami> The bonus payment has been reduced slightly due to the verbosity of the above two statements. wtogami> <facepalm> You're complaints have been noted and filed in triplicate. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJSA2BGAAoJECSBQD2l8JH7dA8H/0kdjHkDj+XjIwIxN3EsrTIV +sIc6NbHZBqOxT8TklB1iDgRwEJGHegGQql0Y4wsw8CQi4RiX7+dms/wHNFRBzL9 uhW0fodjxfzeZebqf3DrrwmLx2yH6XMc97nPAglcc1m3thsJk3b4evoTKNIHjsyd kCzGnDjGsR70gj2c54ToybrwWfAqffOkVZXOUrEiJOKK/RvBQJQ7UqAHt4U+eH1w nJVSLhKZdr3iqJBK9NqoX7giUc4cjF86FyI8hbxM/U8p6cmNWt+tveRUBIFhMATA D0b+gGnazNox6JPSSVmdZK5V99BhhgLiqjpLf9lSezVQgclSs6qqIseKUWn+6Qk= =1Rlz -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJSA2B0AAoJECqCA6OBPEql0nsIAKz9ts/pYR881UYv8EheQray WcTHOr4bhVw3tkgvLMDBgS1YEP0aQQec5Jx/SdUkl43HGLrN7ytf623u5fPZrfkZ XX0Kmn8yScR2v0hrMAV4OhWeGemaFSMXSJAohvyk7JRsDLgXJ2ixsF+eyswvl2sh b8lols69odjq+ChbTOfqTMAyZHQtLTI6PMC58spUGYdG/GDac45c7BcI71ubbwUk V3KuILq5K9J1yZ0RUPbiQ8lAn507gWEYZ46IwtCvH3cmzrpI94nemwOyXrbweuu1 HvVcv7q/OVx+JaQu9r9wrs3nR7mBQ0PlmT/RGyvAk/2LHHWvNOihD26gyG/+ugE= =fiqh -----END PGP SIGNATURE----- -----BEGIN OPENTIMESTAMPS TIMESTAMP----- Version: 0.2.1.5.2_BETA/Build#2462 (GNU/Linux; Ubuntu Precise Pangolin 12.04.2 LTS) Include: DATA, SIGS U2VyaW91c2x5LCB5b3UgaGF2ZSB3YXkgdG9vIG11Y2ggdGltZSBvbiB5b3VyIGhhbmRzLi4uCgpC dXQgaGVyZSdzIGEgQml0Y29pbjoKCjAxMDAwMDAwMDEyY2U1MjIyMGY5OGNlMTM5MThjY2Q2MDdi NDlhYzRmODcxODA3NWZjNTI2Yjg4M2UzNzc3YjM0MjNlMWJiY2Y5MDAwMDAwMDA2YTQ3MzA0NDAy MjAwOTNjZTYyNzM4MzA1MDczOWRmNmYyMjJkODBjMzcyMzJjN2VhM2UwZDFkY2E2ODg5NWZkMGJk M2QxNWNkMzllMDIyMDEyNzcxNDc0MTM1Y2Y4OTY3YWI3ZWVmYWM3ZDY0ZjViYTE5YjllOWFkYTM0 YWE3ZDUwZjE0ZTRmZDQ0MzdlNmE4MzIxMDJhYmJjZjRlMWU5MzE5N2E2NmE1NDYxZjIxNjQ2ZmQ2 NWNkZDk5ZWU5Y2QyODljMTBjOTNlOTgxOTY0ODQ4ZGIzZmZmZmZmZmYwMTAxZTFmNTA1MDAwMDAw MDAwMzc1YWJhYzAwMDAwMDAwCgpXaGF0PyBJIHdhc24ndCBleGFjdGx5IGdvaW5nIHRvIG1ha2Ug aXQgZWFzeS4KCkFsc28sIGhlcmUncyBzb21ldGhpbmcgZWxzZToKCmhRRU1Bd0FBQUFBQUFBQUFB UWdBdU1GQ210R2wxUVRERWlBVzRTRC9uY01nOUYwZTBQdVBZbmZwdFpzTmhCQTVFS1Y5eENhdURz cjkKRVh0SjJhTCtETTI3bm9ZMzljdXo1MXp2V0VhdTVZNVd4ZTIzZDVuQ2gxNngxeHluR2wxOEJw QWdYVlZoY29xTjNMZVBWU0RCb09FUwpSSXVTbVpWL3VNNkxDOVJkMFc5eGpsRitXL3IvNktaTVBq VmY5Vzh4VUpnYk1SOXNtSU5vU2VxbUhuWFpuSTByY3VReGR3S2NzVGtYCnR1S2ZPZ2R4K0x3L1dJ V1ZSSGdURlF2a0NvOE03cFBQQ3BvdC8wbHQwVnNGRC9zc0xWNDZxSGF0ZVNYalJEbG9PbDF1RTIv T1RNMW0Kcy9OWjI2cGN2SnB4S1E3Sy93RnFNd0JTU1U0bld0RDFWNmVrRWtNMGtRYzJVTnk0TU1i eXJkL3J3ZEtBQVpOY0JoVFhKWnBqNExJWgp3ZEtJdmoxRE1MUGk5TS92Z1JoeFV4YThvcm9hMSsv RFJqQUVLM3pZWCs0V2VMbllKZmE3Q1dBVmlscVdjeW1uc3RUT0NWWGtYT2dXClFUT1lVRzNCNmFn UzNkQ1Y3U284MEJKKzFWdW5QWXNkSDU5MEEvRlRWOGJzTktudXVlL1MwSFVrQmZhdHZ1anBzUVRr NDZPR3RsR0wKQTJzPQo= -----END OPENTIMESTAMPS TIMESTAMP----- Now _that_ was funny. Classic! |