Trail of Bits

MobileCoin

Type: Security review

Client: MobileCoin

Date: 2020-08

Domain: Blockchain

Effort: 4 wks

Section: MobileCoin

Trail of Bits's security review of MobileCoin (Aug 2020) identified 9 issues: 3 medium, 1 low, 4 informational, and 1 undetermined.

Findings · 9

  1. The codebase uses a crate with a RUSTSEC advisory (Medium)
  2. The codebase relies on outdated dependencies (Informational)
  3. Insufficient enclave function tests (Informational)
  4. The tx_is_well_formed and mc_transaction_core::validation::validate functions panic on crafted input (Undetermined)
  5. Memory exhaustion when deserializing EnclaveCall (Medium)
  6. Out-of-bounds memory access in Quote (Low)
  7. No instructions on how to reproduce the SGX enclave build (Informational)
  8. Panic in derive_proof_at_index (Medium)
  9. Intel Attestation Service (IAS) is a single point of failure (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
