Beam Security Audits — Results

As a privacy-focused company, we prioritize the Beam’s users safety.

Last update: February 6th, 2019

Beam builds a confidential and scalable coin designed for people, so security is vital.

With our expected launch, we would like to share the results of the two commissioned security audits, we did so far.

Scope

We are releasing the final reports of each external Security Auditor we contracted with to review our code.

Beam’s code has been reviewed so far by:

• Kudelsky Security LTD — Q4 2018
• Least Authority LTD — Q4 2018
• SmartDec LTD — Q1 2019

Kudelsky Security — Abstract

“Beam hired Kudelski Security to perform a security assessment of their blockchain, providing access to source code and documentation.

The repository concerned is https://github.com/BeamMW/beam. We specifically audited commits and changed to commit ec633b71 during the work, because of the significant changes that occurred on the codebase during the audit.

This document reports the security issues identified and our mitigation recommendations, as well as our general assessment of the implementation and architecture.

A “Status” section reports the feedback from Beam’s developers and includes a reference to the patches related to the reported issues.

We report:
• 2 security issues of medium severity
• 7 security issues of low severity
• 10 observations related to general code safety”

The audit was performed by Dr. Jean-Philippe Aumasson, VP Technology, jointly with Yolan Romailler, Cryptography Engineer, and involved 20 person-days of work.

To read the complete report, please click here.

Least Authority LTD — Abstract

“Least Authority performed a security audit of Beam’s implementation of the Mimblewimble protocol, written in C++ and uses the Equihash Mining algorithm. The audit was performed by Least Authority team members Ramakrishnan Muthukrishnan, Meejah, and Jan Winkelmann in collaboration with the Beam team members Alex Romanov, Vladislav Gelfer, and Artem Gorbachev from October 1 — November 9, 2018; the initial audit report was issued on November 14, 2018 and an updated report was issued on December 24, 2018 following the discussions, updates made by Beam and the verification performed Least Authority.

Overall, the code was found to be well structured and cleanly separated into different namespaces (i.e. wallet, Beam, ECC). Additionally, there are unit tests for critical modules like node, wallet, p2p protocol, and ECC, which are an important aspect to a quality codebase, which helps to reduce the risk of code errors that are potentially exploitable.

Several issues and suggestions were identified throughout the duration of the audit which are documented in detail in the “Beam Implementation Final Audit Report”. Beam has acknowledged and resolved or responded to each of the issues and suggestions, assuring Least Authority that they are aware of the risks and vulnerabilities which were found to currently exist in the codebase and plan to publish the report findings with the community.

It is recommended that there be further analysis on the unresolved and partially resolved Issues and Suggestions in the report and that they are addressed as soon as possible. Additionally, it is recommended that the codebase be further improved by a focus on readability, increasing test coverage report generation, generally increasing the number of comments and properly vendoring dependencies.

It is commendable that Beam supports third-party security reviews and agrees that future audits continue as changes and features are introduced to the codebase to optimize the security of the Beam implementation.”

To read the complete report, please click here.

SmartDec LTD — Abstract

“The objective of this document is to describe the procedure and results of the source code audit of the Beam blockchain project. The audit is focused mainly on its security aspects.

The project employs the latest advances in cryptography to ensure integrity and confidentiality of the data, contained within. Based on the Pedersen commitment idea, MimbleWimble protocol is used to hide payment amounts as well as senders and receivers identities as the blockchain stores no wallet addresses. Besides, Beam declares built-in support for time-locked transactions, escrow transactions, atomic swaps, and some other features, that can only be implemented in other blockchains on the smart-contract level. Additionally, Beam uses a number of techniques for compact blockchain to achieve a very moderate blockchain size as compared to other blockchain implementations.

The original plan of the audit was to perform a traditional application security audit manually and using tools with subsequent code review for the blockchain protocol, data storage, and processing. Actually, several stages of manual code review are done; each audit stage uses the current version of the source code from GIT. The source code is written using C++ as the primary programming language with some supporting libs in plain C.

The source code has total 190407 LOC ANSI C that is 71.74% of all the code and 73849 LOC in C++ that is 27.82% of all the code. Beam in-house code has approximately 40261 (91.59%) LOC written in C++ and 3693 (8.40%) LOC written in ANSI C.

The following libraries are used with the source code:

• Sqlite — embeddable sql database engine
• libuv — async input-output library (http://libuv.org/)
• json.hpp — JSON for Modern C++ (https://github.com/nlohmann/json)
• expected.hpp — an implementation of std::expected (https://github.com/TartanLlama/expected)
• YAS — yet another serialization (https://github.com/niXman/yas)

In the first stage of the audit, the project was compiled. There were some unaccounted dependencies and hardware-specific options, all of them were revealed. Boost was not checked by cmake; -mavx gcc compiler option was available for x86_64 only. Compiler warnings had to be analyzed and fixed:

warning: void* memcpy(void*, const void*, size_t) writing to
an object of non-trivially copyable type ‘class
ECC::Scalar::Native’; use copy-assignment or
copy-initialization instead [-Wclass-memaccess]
memcpy(&(out[pubKey].V), p+32, 32);

The source code review identified some typical programming issues such as bad implementation of C++ assignment operator (lacking of self-assignment check), non-typical or non-recommended macro usage, unnecessary low-level coding, and API misuse.

In the next stages analysis of the papers describing math foundations and algorithms was performed. We searched and identified MimbleWimble and Bulletproof implementations. Beam has its own Bulletproof implementation by the author (B. Bunz), which is available as a fork (with a pull request) of libsecp256-zkp. During performing the Beam protocol analysis we recovered the Beam message types and associated values, which were sent and received by cross-referencing for each message type.”

To read the complete report, please click here.

And from here?

Beam is still under development (and will be for the foreseeable future) thus we encourage the community to help the network to identify potential vulnerabilities by submitting a report here or by alerting the team and the community on our community channels on Gitter, Discord or Telegram.

We want to thank the amazing teams at Least Authority and Kudelski for their insightful comments and suggestions. They helped us build our code better. We are satisfied with the audit returns and positive feedbacks and will continue to do everything to make Beam as secure as possible.

Join our developer community: Gitter

Telegram: t.me/BeamPrivacy

Reddit: reddit.com/r/beamprivacy/

Twitter: https://twitter.com/beamprivacy

Discord: discord.gg/BHZvAhg

Bitcointalk: https://bitcointalk.org/index.php?topic=5052151

Forum: https://forum.beam.mw/

Newsletter: https://beamprivacy.substack.com/