Nervos CKB Security Audit Complete

Nervos Network
Oct 30, 2019

by Jan Xie

In Q3 of this year, the Nervos Foundation engaged two leading security companies, PeckShield and Least Authority, to complete detailed audits in preparation for the Nov 16 launch of our CKB mainnet “Lina.” We chose to engage two separate teams, each with its own auditing methodology, to maximize the likelihood of uncovering critical vulnerabilities and to help guarantee the security of our code. Those audits are now complete.

Audit Scope

The scope of the audit included but was not limited to:

  • Consensus algorithm
  • Node operation
  • Data and state storage
  • CKB VM
  • Transaction model
  • Account model
  • Incentive model
  • Economic model
  • System contracts and services
  • Smart contracts
  • Node communication

PeckShield

PeckShield uncovered 12 issues: 4 critical in severity, 5 medium in severity, and 3 informational, which have been resolved or are in the process of being resolved. The final report will be shared once it is complete.

Least Authority

Least Authority uncovered four issues, which have been resolved or are in the process of being resolved, and made seven suggestions. Please refer to the final published audit report for details, including mitigation and remediation strategies. You can also reference their blog summary for the TL;DR.

To help ensure the long-term security of Nervos CKB, we invite our community to participate in our bug bounty program.

Connect with us on Nervos Talk, GitHub, Telegram, and Twitter.
