KILT Protocol Completes Security Audit With SRLabs

KILT Protocol (kilt-protocol) · Published Nov 8, 2021 · 3 min read

After three years of research and development, KILT Protocol secured a Kusama parachain slot and launched mainnet in September 2021, and is now in the last phase before decentralisation. Part of this final stage is to ensure that the KILT blockchain is resilient to hacker attacks and to get an overview of potential weaknesses in order to fix them before the network is decentralised. To achieve this, BOTLabs GmbH, the entity behind KILT Protocol, engaged Security Research Labs (SRLabs) to perform a security audit.

The Auditor

SRLabs is a cybersecurity consultancy and hacking research collective striving to make the world more secure. BOTLabs selected them for their methodological approach and extensive experience in auditing Kusama, Polkadot, Substrate-based chains, and many networks in the Polkadot ecosystem.

Audit Scope

The aim of the security audit was to assess the KILT Protocol with regard to its resilience against hacking attempts and to obtain an overview of the most relevant weaknesses, so that they could be fixed before the launch of the network.

We engaged SRLabs to perform audits of:

  • The KILT Blockchain
  • The KILT Software Development Kit (SDK), which enables an easy way for developers and third parties to build applications on the top of KILT Protocol
  • The Sporran Wallet, a browser extension which in its current version can receive, hold and send KILT Coins; soon it will also be used to manage KILT credentials.

In order to review the KILT codebase effectively, SRLabs employed a threat-model-driven code review strategy. For each identified threat, hypothetical attacks that could be used to realise the threat were developed. Prioritising by risk, the codebase, or the relevant pallets, was then assessed for existing protections against the respective threats and attacks, as well as for the vulnerabilities that would make these attacks possible.

Karsten Nohl, SRLabs’ founder, adds: “Every blockchain system comes with new security challenges due to the unique business logic and implementation. Starting from threat modeling enables our testers to focus attention on the most promising hacking avenues. The collaboration with BOTLabs on securing KILT Protocol worked really well.”

Audit Results

During the audit, SRLabs identified eight issues, including two of high severity. These two issues were found in the area of staking and were resolved by the KILT development team with the first runtime upgrade. The remaining six issues, affecting the area of KILT functionality and rated moderate to low severity, were fixed by the KILT development team in a subsequent runtime upgrade, in advance of full decentralisation and the availability of the KILT functionality.

“We selected SRLabs for their experience with top projects in the Kusama and Polkadot ecosystems. We appreciated their methodological and collaborative approach, and plan additional audits with SRLabs as we continuously evaluate KILT Protocol security,” said Ingo Rübe, founder of KILT Protocol and CEO of BOTLabs GmbH.

About KILT Protocol

KILT is an open-source blockchain protocol for issuing self-sovereign, anonymous and verifiable credentials. KILT’s mission is to return control over personal data to its owner, restoring privacy to the individual. Developers can use KILT’s JavaScript SDK to quickly build applications for issuing, holding and verifying credentials, and to create businesses around identity and privacy. KILT Protocol was initially developed by BOTLabs GmbH in Berlin and is the technology on which SocialKYC, a decentralised identity verification service, is built.
