Trail of Bits

DFINITY Consensus

Type: Security review
Client: DFINITY
Date: 2021-11
Domain: Blockchain
Effort: 2 wks
Section: Other/Multi-Chain

Trail of Bits's security review of DFINITY (Nov 2021) identified 5 issues: 2 high, 1 low, 1 informational, and 1 undetermined.

Findings · 5

  1. Maliciously crafted catchup package shares could cause memory resource exhaustion (High)
  2. The consensus protocol uses vulnerable dependencies (Low)
  3. Inconsistent handling of duplicate shares (Informational)
  4. Misbehaving nodes are not reported or punished by the consensus layer (Undetermined)
  5. Invalid notarizations cause the validator to skip block validation (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
