"Canister Sandbox Review" by Trail of Bits (third-party security audit #4)

Summary

Trail of Bits, is a highly-rated cybersecurity research and consulting firm which has done security audits of dozens of blockchains. In April 2022, Trail of Bits and the DFINITY Foundation worked together to audit the design and implementation of Canister sandboxing. Canister sandboxing has been an important security concern in the past. and it was originally deployed to the IC mainnet on March 2022.

Please note the “exposure analysis”:

  • High - 0 issues found
  • Medium - 2 issues found
  • Low - 2 issues found
  • Informational - 2 issues found
  • Undetermined - 0 issues found

Review Documents

  1. Canister Sandbox Security Audit - Executive Summary

  2. Canister Sandbox Security Audit - Fix Review

Previous Security Reviews

You can find list of previous security reviews on the IC wiki:

https://wiki.internetcomputer.org/wiki/Third-party_security_audits.

Discussion leads

The person at DFINITY who was most involved and can best answer questions is @robin-kunzler of the DFINITY Crypto team.

11 Likes