Nervos Network
Published in

Nervos Network

Nervos CKB Security Audit Complete

by Jan Xie

In Q3 of this year, the Nervos Foundation engaged two leading security companies — Peckshield and Least Authority — to complete detailed audits in preparation for the Nov 16 launch of our CKB mainnet “Lina.” We chose to engage two separate teams, each with their own unique auditing methodologies, to maximize the likelihood of uncovering critical vulnerabilities, and to help guarantee the security of our code. Those audits are now complete.

Audit Scope

The scope of the audit included but was not limited to:

  • Consensus algorithm
  • Node operation
  • Data and state storage
  • CKB VM
  • Transaction model
  • Account model
  • Incentive model
  • Economic model
  • System contracts and services
  • Smart contracts
  • Node communication


Peckshield uncovered 12 issues: 4 critical in severity, 5 medium in severity, and 3 informational, which have been resolved or are in the process of being resolved. The final report will be shared once it is complete.

Least Authority

Least Authority uncovered four issues, which have been resolved or are in the process of being resolved, and made seven suggestions. Please refer to the final published audit report for details, including mitigation and remediation strategies. You can also reference their blog summary for the TL;DR.

To help ensure the long-term security of Nervos CKB, we invite our community to participate in our bug bounty program.

Connect with us on Nervos Talk, Github, Telegram, and Twitter.




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nervos Network

Nervos Network

Official account for the Nervos Network.

More from Medium

My Rust And Near Protocol Journey

Aleo — Project Overview  Good day, my reader.

Race condition in Tendermint’s StarPort

Why the Leo programming language will revolutionize the development of the Zero-Knowledge Protocol