WalletConnect v2.0’s Independent Security Audit by Trail of Bits

Derek Rein
Published in WalletConnect
Sep 28, 2023

As a pillar of communication for web3 — one which, over the years, has connected thousands of apps, hundreds of wallets, and millions of users — setting a hard focus on security has been key in everything we do here at WalletConnect.

As part of our commitment to ensuring the highest level of security across WalletConnect, we’re pleased to share the results of a recent security audit conducted by the independent, industry-leading security firm — Trail of Bits.

Pioneers in web3 security, Trail of Bits has spent more than a decade relentlessly working on high-end security research with a “real-world attacker mentality” to significantly reduce risk and help build stronger foundations for our ecosystem.

Back in March of this year, we engaged Trail of Bits to review the security of WalletConnect v2.0. Following efforts to identify flaws that could compromise the confidentiality, integrity, or availability of WalletConnect, we’re happy to share that the audit did not conclusively uncover any significant flaws or defects.

Audit coverage and key findings

The audit set out to answer a non-exhaustive list of questions that would offer insight into the security of the protocol, such as “Is session data stored and handled correctly via storage logic?”, “Is the system susceptible to any known cryptographic attacks?”, and “Can attackers impersonate dapps and trick users into approving illegitimate transactions?”

To answer these questions, several critical areas were analyzed, such as:

  • A review of WalletConnect documentation
  • A manual code analysis of Core, Sign, and Auth APIs
  • Automated static analysis with tools such as Semgrep and CodeQL
  • A review of the use of cryptography to ensure that cryptographic primitives are used correctly, that cryptographic algorithm and parameter choices are sound, and that the system is not susceptible to any known cryptographic attacks

The audit identified four total findings across the “Cryptography”, “Data Exposure”, and “Patching” categories, which ranged from “Medium” to “Informational” and “Undetermined” in severity.

Among these four findings, three were identified as having “High” difficulty, meaning an attacker would “require privileged access to the system, may need to know complex technical details, and/or must discover other weaknesses” to be in any position to exploit an issue. The other, which was of “Informational” severity, was rated “Undetermined” in difficulty.

In particular, the audit shared the following details and recommendations on each of these exposures:

1. Data Exposure (medium severity): Insecure storage of session data in local storage

Trail of Bits noted that HTML5 local storage is used to hold session data, including keychain values. Because there are no access controls for modifying and retrieving this data using JavaScript, data in local storage is vulnerable to XSS attacks.

As a short-term solution, the audit recommended using cookies to store and send tokens. It also recommended enabling cross-site request forgery (CSRF) libraries to mitigate these attacks, and ensuring that cookies are tagged with HttpOnly, and preferably Secure, so that JavaScript cannot access them.

While this vulnerability is not yet fully resolved, our team continues to work on finding solutions that can address the issues outlined without requiring dependency on centralized entities.

2. Patching (informational severity): Use of outdated dependencies

Running npm audit and lerna-audit detected the use of outdated dependencies in the codebase.

Trail of Bits recommended updating project dependencies to their latest version where possible, and using tools such as retire.js, npm audit, and yarn audit to confirm that no vulnerable dependencies remain.

Following the audit and thanks to the recommendation, the team has now resolved this issue.

3. Cryptography (informational severity): Key derivation code could produce keys composed of all zeroes

The audit found that the current implementation of the code that derives keys using the x25519 library does not enable the rejectZero option. If a counterparty is compromised, this could result in a derived key composed of all zeroes, which could allow an attacker to observe or tamper with the communication. The finding was considered to be of ‘Informational’ severity because a compromised counterparty would already allow an attacker to observe or tamper with the communication should this scenario occur.

A recommended solution for this was to enable the rejectZero flag for uses of the deriveSymKey function.

Following the audit and thanks to the recommendation, the team has now resolved this issue.
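To make the all-zero case concrete, here is an added example (not WalletConnect's code and not from the audit report). It implements the RFC 7748 X25519 ladder with BigInt and wraps it in a hypothetical `deriveSymKeyDemo` function with a `rejectZero` option. The HKDF step with empty salt and info, and all names, are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

const P = 2n ** 255n - 19n;                       // Curve25519 field prime
const mod = (a) => ((a % P) + P) % P;
// Little-endian 32-byte strings <-> BigInt
const toInt = (b) => BigInt('0x' + Buffer.from(b).reverse().toString('hex'));
const toBytes = (n) => Buffer.from(n.toString(16).padStart(64, '0'), 'hex').reverse();

function powMod(b, e) {
  let r = 1n;
  for (b = mod(b); e > 0n; e >>= 1n, b = mod(b * b)) if (e & 1n) r = mod(r * b);
  return r;
}

// RFC 7748 Montgomery ladder. Teaching code: not constant time.
function x25519(scalar, u) {
  const k = Buffer.from(scalar);
  k[0] &= 248; k[31] &= 127; k[31] |= 64;         // scalar clamping
  const kn = toInt(k), x1 = toInt(u) & ((1n << 255n) - 1n);
  let x2 = 1n, z2 = 0n, x3 = x1, z3 = 1n, swap = 0n;
  for (let t = 254n; t >= 0n; t--) {
    const bit = (kn >> t) & 1n;
    if (swap ^ bit) { [x2, x3] = [x3, x2]; [z2, z3] = [z3, z2]; }
    swap = bit;
    const A = mod(x2 + z2), B = mod(x2 - z2), C = mod(x3 + z3), D = mod(x3 - z3);
    const AA = mod(A * A), BB = mod(B * B), E = mod(AA - BB);
    const DA = mod(D * A), CB = mod(C * B);
    x3 = mod((DA + CB) ** 2n);
    z3 = mod(x1 * mod((DA - CB) ** 2n));
    x2 = mod(AA * BB);
    z2 = mod(E * mod(AA + 121665n * E));
  }
  if (swap) { [x2, x3] = [x3, x2]; [z2, z3] = [z3, z2]; }
  return toBytes(mod(x2 * powMod(z2, P - 2n)));
}

// Hypothetical stand-in for a deriveSymKey-style function: X25519, then HKDF-SHA256.
function deriveSymKeyDemo(privateKey, peerPublicKey, { rejectZero = false } = {}) {
  const shared = x25519(privateKey, peerPublicKey);
  if (rejectZero && shared.every((byte) => byte === 0)) {
    throw new Error('all-zero X25519 shared secret: peer sent a low-order point');
  }
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), Buffer.alloc(0), 32));
}

const BASE_POINT = Buffer.from([9, ...new Array(31).fill(0)]);
const ZERO_POINT = Buffer.alloc(32);              // constructed malicious "public key"
```

Without the check, every private key paired with `ZERO_POINT` derives the same symmetric key, so the key no longer depends on any secret. With `rejectZero: true` the derivation fails instead.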

4. Cryptography (undetermined severity): No protocol-level replay protections in WalletConnect

Exchanged data between applications and wallets across the WalletConnect protocol is encrypted and authenticated with keys unknown to the public WebSocket relay server. However, Trail of Bits observed that the protocol does not protect against replay attacks.

The finding was considered to be of undetermined severity as no obvious way an attacker could use this vulnerability to impact users was identified.

Recommendations to resolve this issue included updating the implementation of the authentication protocol to include timestamps in the signature payload that are then checked against the current time upon signature validation, and including the pairing topic in the signature payload.

Following the audit and thanks to the recommendation, the team has now resolved this issue.
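The two recommended checks can be sketched as follows. This is an added example, not WalletConnect's implementation: the Ed25519 signature, the JSON payload layout, the five-minute window and all function names are assumptions. The duplicate cache goes beyond what the audit recommended and covers replays that arrive inside the freshness window.

```javascript
const crypto = require('node:crypto');

const MAX_AGE_MS = 5 * 60 * 1000;                 // assumed freshness window

// Signer side: the timestamp and the pairing topic are part of the signed bytes.
function signAuth(privateKey, { pairingTopic, issuedAt, statement }) {
  const payload = Buffer.from(JSON.stringify({ pairingTopic, issuedAt, statement }));
  return { payload, signature: crypto.sign(null, payload, privateKey) };
}

// Verifier side. `seen` maps payload digests to issue times (the added duplicate check).
function verifyAuth(publicKey, msg, expectedTopic, now, seen = new Map()) {
  if (!crypto.verify(null, msg.payload, publicKey, msg.signature)) return 'bad-signature';
  const { pairingTopic, issuedAt } = JSON.parse(msg.payload.toString('utf8'));
  if (pairingTopic !== expectedTopic) return 'wrong-topic';   // replay into another pairing
  if (typeof issuedAt !== 'number' || Math.abs(now - issuedAt) > MAX_AGE_MS) return 'stale';
  for (const [id, t] of seen) if (now - t > MAX_AGE_MS) seen.delete(id);  // expire old entries
  const id = crypto.createHash('sha256').update(msg.payload).digest('hex');
  if (seen.has(id)) return 'replayed';
  seen.set(id, issuedAt);
  return 'ok';
}

// Constructed scenario: one signed message presented four times.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const t0 = 1695859200000;                       // constructed timestamp in ms
  const msg = signAuth(privateKey, { pairingTopic: 'topic-A', issuedAt: t0, statement: 'sign in' });
  const seen = new Map();
  return [
    verifyAuth(publicKey, msg, 'topic-A', t0 + 1000, seen),       // 'ok'
    verifyAuth(publicKey, msg, 'topic-A', t0 + 2000, seen),       // 'replayed'
    verifyAuth(publicKey, msg, 'topic-B', t0 + 1000),             // 'wrong-topic'
    verifyAuth(publicKey, msg, 'topic-A', t0 + 10 * 60 * 1000),   // 'stale'
  ];
}
```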

Next steps

Security has always been and will continue to be a key focus at WalletConnect, which is why we’re extremely pleased with the outcome and findings outlined in this audit. We feel incredibly confident in the progression of our roadmap, and more so with the valuable insight, knowledge, and feedback offered by Trail of Bits.

Having addressed and resolved three of the four issues outlined, moving forward, we will continue to focus on strengthening our security and work to tackle any areas of improvement to ensure we’re always building the best for the web3 community.

Our commitment to security across the board will continue to take priority, and we look forward to welcoming future audits and reviews as we evolve WalletConnect’s offerings and functions. In the meantime, we value all forms of insight and recommendation from our wider community of developers, auditors, and passionate web3 contributors.

If you have any concerns regarding a potential WalletConnect vulnerability, head here to find out more about our security bounty, how to report an issue, and the compensation we offer for doing so.

For the full report from Trail of Bits, head here.
