DFINITY ECDSA/BTC

Type

Security review

Client

DFINITY

Date

2022-09

Domain

Blockchain

Effort

4 wks

Section

Other/Multi-Chain

Trail of Bits's security review of DFINITY (Sep 2022) identified 4 issues: 1 medium, 1 low, 1 informational, and 1 undetermined.

Findings · 4

1 Lack of validation of signed dealing against original dealing Medium
2 The ECDSA payload is not updated if a quadruple fails to complete Low
3 Malicious canisters can exhaust the number of available quadruples Undetermined
4 Aggregated signatures are dropped if their request IDs are not recognized Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Open the PDF ↗