Summary
Trail of Bits (Trail of Bits | About), is a highly-rated cybersecurity research and consulting firm which has done security audits of dozens of blockchains. In November 2021, Trail of Bits and the DFIITY Foundation worked together to audit the design and implementation of Consensus. Please note: two high-severity issues were found and have fixed as detailed in the report (page 4).
This is the second time that a third party security audit of the IC has occurred. A previous one was posted on January 4, 2022.. The last time there was an audit, it covered every layer of the IC stack, while this audit was hyper focused on Consensus.
The outcome of this collaboration is detailed in the 28-page report below:
Security Assessment of IC Consensus: publications/DFINITYConsensus.pdf at master · trailofbits/publications · GitHub
As last time, we are very grateful and impressed with the work by Trail of Bits. We have been very impressed with their diligence.
Discussion leads
The person at DFINITY who was most involved and can best answer questions is @robin-kunzler of the DFINITY Crypto team.
Best way to read this report
- For those with limited time, I recommend reading the Executive Summary (page 2- 3) or the color-coded Code Maturity Evaluation (page 5) which give the reader a high-level view of the issue.
- For those interested in understanding the issues, the report shows the associated Rust code.
Areas of the code which were audited:
This audit focused on Consensus protocols of the IC.
Industry Background
- For context, you can see other reports by Trail of Bits here: GitHub - trailofbits/publications: Publications from Trail of Bits
thanks haha, I should have looked at link closer.