Trail of Bits

ETH2.0 Deposit CLI

Type: Security review
Client: Ethereum Foundation
Date: 2020-08
Domain: Blockchain
Effort: 4 wks
Section: Ethereum/EVM

Trail of Bits's security review of the ETH2.0 Deposit CLI for the Ethereum Foundation (Aug 2020) identified 10 issues: 2 high, 2 medium, 5 low, and 1 informational.

Findings (10)

  1. Generated mnemonic could be leaked (Low)
  2. Deposit stores a world-readable file with sensitive information (Low)
  3. Deposit does not provide entropy validation on passwords (Low)
  4. Saving large JSON integers could result in interoperability issues (Low)
  5. Use of assert will be removed when the bytecode is optimized (High)
  6. Passwords are accessible via shell history (Medium)
  7. PyInstaller binaries should be distributed with signatures (High)
  8. Certain encodings can make passwords impossible to input (Low)
  9. Naming of the resulting JSON files can be misleading (Medium)
  10. Python Crypto wrappings allow unsafe parameters (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related