Alephium is committed to building and delivering a secure and reliable blockchain. With that in mind, we have recently completed a security assessment of critical parts of our code. This assessment was conducted by Inference and specifically covered:
- Cryptographic Primitives in https://github.com/alephium/alephium/tree/master/crypto/src/main/sca la/org/alephium/crypto, including AES, BLAKE2b, BLAKE3, Ed25519, BIP32 key derivation, and other algorithms;
- Serialization in https://github.com/alephium/alephium/tree/master/serde/src/m ain/scala/org/alephium/serde;
- Proof of Less Work — our consensus mechanism (this article explains it in detail);
- Mining operations in https://github.com/alephium/alephium/tree/master/protocol/src/main/scala/o rg/alephium/protocol/mining (esp. Emission.scala )
- Difficulty adjustment in https://github.com/alephium/alephium/blob/master/flow/src/main/scala/org /alephium/flow/core/ (mainly ChainDifficultyAdjustment.scala)
- Node Wallet — (take a look in here for the definition): Wallet code in https://github.com/alephium/alephium/tree/master/wallet/src/main/scala/org/aleph ium/wallet, with a focus on the secret’s storage (in storage/SecretStorage.scala).
We are happy to share that no critical flaws were found in our code for the covered topics. We thank Inference for their professionalism & their precise analysis. Our development team analyzed the recommendations given by Inference, and we have a pending PR to address them.
You can find the report on their website: https://inference.ag/blog/2022-10-09-alephium/
Our code is publicly available at https://github.com/alephium
And you can find us on Twitter, Discord, Telegram, or Reddit!
