Audit Open Original ↗
DV Labs Charon Pedersen DKG
Type
Security review
Client
DV Labs
Date
2026-02
Domain
Crypto
Effort
2 wks
Section
Cryptography Reviews
Trail of Bits's security review of DV Labs (Feb 2026) identified 9 issues: 6 medium, 2 low, and 1 informational.
Findings · 9
- 1 Complete cluster replacement produces invalid shares Medium
- 2 Missing threshold validation in DKG operations Low
- 3 Unbounded buffer allocation in the sync protocol enables denial of service Medium
- 4 Node signature broadcast callback does not verify sender identity against claimed peer index Informational
- 5 Share index remapping bug causes signature verification failures during DKG Medium
- 6 Nonce reuse across multiple DKG iterations enables replay attacks Medium
- 7 restoreCommits panics on out-of-bounds shareNum Medium
- 8 New nodes lack polynomial commitment validation during reshare Medium
- 9 Unbounded buffer allocation in FetchDefinition enables memory exhaustion Low
Findings extracted from the published report PDF. See the full report below for details and remediation.
Related
- 2026-04 Ripple Labs XRP Ledger Confidential Transfer Audit
- 2026-03 Open Home Foundation SecureTar v3 Audit
- 2026-03 Anza BLS Signatures Audit
- 2026-02 NEAR One Robust ECDSA Audit
- 2026-01 Anza Token-2022 Confidential Transfer, Cryptography Audit
- 2026-01 Calyx Institute HSM Provisioning Ceremony Scripts Audit