Trail of Bits

BSV Blockchain TS-SDK

Type: Security review
Client: BSV Association
Date: 2026-01
Domain: Crypto
Effort: 6 wks
Section: Cryptography Reviews

Trail of Bits's security review of the BSV Blockchain TS-SDK for the BSV Association (January 2026) identified 27 issues: 6 high, 5 medium, 3 low, and 13 informational.

Findings · 27

  1. deriveSymmetricKey does not use a key derivation function (Informational)
  2. toKeyShares can result in key leakage or unrecoverable keys (Informational)
  3. Large-integer arithmetic is susceptible to timing attacks (Informational)
  4. Elliptic curve operations are susceptible to timing attacks (Informational)
  5. AES implementations are susceptible to cache-timing attacks (Informational)
  6. GCM computations are susceptible to cache-timing attacks (Informational)
  7. HMAC-DRBG is not forward-secure (Informational)
  8. Secret comparisons are not constant time (High)
  9. AES-GCM implementation is noncompliant for large inputs (Medium)
  10. decrypt does not validate the length of ciphertexts (Informational)
  11. Several issues with the message encryption protocol (High)
  12. Spurious zero-block padding is not compliant with AES-GCM standard (Medium)
  13. AES-GCM implementation does not reject empty IV (Informational)
  14. Silent zero-padding of AES key is insecure (Medium)
  15. SHA-512 padding is noncompliant and could lead to collisions (Medium)
  16. DRBG seed concatenation leads to colliding outputs (Informational)
  17. Lenient Jacobian point constructor allows subtle attacks (High)
  18. Encoding the point at infinity triggers an assertion error (Low)
  19. The htonl function is not conditional (Informational)
  20. Hex string conversion is fragile (High)
  21. Big integer representation of messages allows signature forgery (High)
  22. ECDSA nonce range check is incorrect (Informational)
  23. Point decoding fails to ensure point is on the curve (High)
  24. Point addition resulting in infinity renders scalar multiplication incorrect (Medium)
  25. Base64 decoding is not robust (Low)
  26. Missing bounds checks in UTF-8 encoding (Low)
  27. Missing parameter checks in Chaum-Pedersen proofs and ECDSA signatures (Informational)
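Finding 8 ("Secret comparisons are not constant time", High) names a bug class rather than a specific line of code, and the report details are not reproduced on this page. The following is an added illustration of that class in TypeScript, the SDK's language; it is not code from the BSV TS-SDK, and the function names, the step counter and the sample tag bytes are assumptions made for the demonstration. It contrasts an early-exit byte comparison, whose work depends on where the first mismatch sits, with a comparison that always walks the full length and folds every difference into one accumulator.

```typescript
// Added example, not code from the BSV TS-SDK. Names and sample data are
// assumptions made for this demonstration.

interface CompareResult {
  equal: boolean;
  steps: number; // number of byte comparisons actually performed
}

// Leaky: returns at the first mismatch, so the work done (and the time taken)
// depends on how many leading bytes of the candidate match the secret. An
// attacker who can time the check can recover a MAC tag one byte at a time.
function leakyEqual(secret: Uint8Array, candidate: Uint8Array): CompareResult {
  if (secret.length !== candidate.length) return { equal: false, steps: 0 };
  let steps = 0;
  for (let i = 0; i < secret.length; i++) {
    steps++;
    if (secret[i] !== candidate[i]) return { equal: false, steps: steps };
  }
  return { equal: true, steps: steps };
}

// Constant-time pattern: always walks max(len) bytes, folds every byte
// difference and the length difference into one accumulator with XOR/OR, and
// branches only on the final result. The operation count does not depend on
// the secret's contents (the length checks branch on public lengths only).
function constantTimeEqual(secret: Uint8Array, candidate: Uint8Array): CompareResult {
  const len = Math.max(secret.length, candidate.length);
  let diff = secret.length ^ candidate.length;
  let steps = 0;
  for (let i = 0; i < len; i++) {
    steps++;
    const s = i < secret.length ? secret[i] : 0;
    const c = i < candidate.length ? candidate[i] : 0;
    diff |= s ^ c;
  }
  return { equal: diff === 0, steps: steps };
}

// Constructed sample (not from the report): a 4-byte "tag" and candidates that
// diverge at different positions. With leakyEqual the step count reveals the
// divergence index; with constantTimeEqual it is always 4.
const sampleTag = new Uint8Array([0x1f, 0x2e, 0x3d, 0x4c]);
const candidates: Uint8Array[] = [
  new Uint8Array([0x00, 0x2e, 0x3d, 0x4c]), // wrong at byte 0
  new Uint8Array([0x1f, 0x2e, 0x00, 0x4c]), // wrong at byte 2
  new Uint8Array([0x1f, 0x2e, 0x3d, 0x4c]), // correct
];

function demo(): string[] {
  const lines: string[] = [];
  for (let i = 0; i < candidates.length; i++) {
    const l = leakyEqual(sampleTag, candidates[i]);
    const c = constantTimeEqual(sampleTag, candidates[i]);
    lines.push("candidate " + i + ": leaky steps=" + l.steps +
      ", constant-time steps=" + c.steps + ", equal=" + c.equal);
  }
  return lines;
}

console.log(demo().join("\n"));
```

JavaScript engines give no hard constant-time guarantee, but removing the data-dependent early exit is the standard remedy for this finding class; where the runtime offers a dedicated primitive (Node's `crypto.timingSafeEqual`, for example) prefer it over hand-rolled code.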

Findings extracted from the published report PDF. See the full report for details and remediation.
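Finding 20 ("Hex string conversion is fragile", High) likewise names a bug class whose details are only in the report. As an added illustration, not code from the BSV TS-SDK, the block below contrasts a lenient hex decoder built on `parseInt`, which never fails and quietly turns malformed input into a different byte string, with a strict decoder that rejects odd length, non-hex characters, whitespace and `0x` prefixes. The function names and the malformed sample inputs are assumptions made for the demonstration.

```typescript
// Added example, not code from the BSV TS-SDK. Names and sample inputs are
// assumptions made for this demonstration.

// Lenient decoder: parseInt never throws, so odd length, non-hex characters,
// whitespace and "0x" prefixes all produce *some* output. A malformed key or
// hash silently becomes a different value instead of an error.
function lenientHexToBytes(hex: string): number[] {
  const out: number[] = [];
  for (let i = 0; i < hex.length; i += 2) {
    out.push(parseInt(hex.substring(i, i + 2), 16)); // "zz" -> NaN, "1" -> 1
  }
  return out;
}

// Maps one character code to its nibble value, or -1 if it is not a hex digit.
function hexNibble(code: number): number {
  if (code >= 0x30 && code <= 0x39) return code - 0x30;      // '0'-'9'
  if (code >= 0x41 && code <= 0x46) return code - 0x41 + 10; // 'A'-'F'
  if (code >= 0x61 && code <= 0x66) return code - 0x61 + 10; // 'a'-'f'
  return -1;
}

// Strict decoder: even length required, every character must be a hex digit,
// no prefix or whitespace tolerated. Any violation throws instead of guessing.
function strictHexToBytes(hex: string): Uint8Array {
  if (hex.length % 2 !== 0) {
    throw new Error("hex string has odd length " + hex.length);
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < hex.length; i += 2) {
    const hi = hexNibble(hex.charCodeAt(i));
    const lo = hexNibble(hex.charCodeAt(i + 1));
    if (hi < 0 || lo < 0) throw new Error("invalid hex digit at offset " + i);
    out[i / 2] = (hi << 4) | lo;
  }
  return out;
}

// Demonstration helper: does the strict decoder reject this input?
function strictRejects(hex: string): boolean {
  try {
    strictHexToBytes(hex);
    return false;
  } catch (e) {
    return true;
  }
}

// Constructed malformed inputs (not from the report). Each one decodes to
// something under the lenient decoder and is rejected by the strict one.
const malformed = ["abc", "zz", "0x12", "de ad", "DEADBEEg"];
for (let i = 0; i < malformed.length; i++) {
  console.log(JSON.stringify(malformed[i]) +
    " lenient=" + JSON.stringify(lenientHexToBytes(malformed[i])) +
    " strictRejects=" + strictRejects(malformed[i]));
}
console.log("strict DeAdBeEf -> " + strictHexToBytes("DeAdBeEf").join(","));
```

The strict decoder is also the right shape for the other encoding findings on the list (Base64, UTF-8): validate length and alphabet up front and fail closed, rather than letting a permissive parser decide what a malformed input "probably" meant.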
