Trail of Bits

DFINITY Oisy

Type: Security review
Client: DFINITY
Date: 2025-09
Domain: Crypto
Effort: 4 wks
Section: Cryptography Reviews

Trail of Bits's security review of DFINITY (Sep 2025) identified 14 issues: 1 medium, 4 low, 8 informational, and 1 undetermined.

Findings · 14

  1. ShellCheck warnings (Informational)
  2. Tests require a script to run (Informational)
  3. Tests do not work with the latest version of pocket-ic (Informational)
  4. Reliance on vulnerable dependencies (Informational)
  5. Deployment workflow is vulnerable to cache poisoning (Informational)
  6. Potential credential persistence in artifacts (Informational)
  7. Unpinned external GitHub CI/CD action versions (Low)
  8. The top_up_cycles_ledger API may return invalid data (Low)
  9. Codebase contains obsolete code (Informational)
  10. HTML tags matched with regular expressions (Informational)
  11. Transaction IDs are not validated by the back end canister (Low)
  12. OISY reuses the identity key from browser storage on sign in (Low)
  13. Measurable test coverage is low (Undetermined)
  14. Front end may misrepresent bitcoin transactions with multiple outputs (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.