Trail of Bits

Acala Network

Type: Security review

Client: Acala

Date: 2021-01

Domain: Blockchain

Effort: 6 wks

Section: Substrate

Trail of Bits's security review of Acala (Jan 2021) identified 11 issues: 3 low and 8 informational.

Findings · 11

  1. Insecure configuration for running Acala node in a Docker container (Low)
  2. Sudo is enabled on the Acala chain (Informational)
  3. Changed but unused liquidAmountToBurn value (Informational)
  4. Transferring "max" ACA tokens through Acala-dapp fails and only burns the fees (Low)
  5. The Substrate dependency "chaostests" contain out of date dependencies that have security vulnerabilities (Informational)
  6. Lack of proper development guidance on using Acala-dapp with Acala (Informational)
  7. CSRF in Acala/apps settings which allows changing the RPC endpoint URL (Informational)
  8. Missing security-related HTTP headers in the Acala-dapp application (Low)
  9. Small amounts are not displayed in Acala-dapp or are displayed in a scientific notation (Informational)
  10. Providing too small value renders Acala-dapp unresponsive (Informational)
  11. Documentation is incomplete (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
