Trail of Bits

Fog Protocol

Type: Security review

Client: MobileCoin

Date: 2021-01

Domain: Blockchain

Effort: 4 wks

Section: MobileCoin

Trail of Bits's security review of MobileCoin (Jan 2021) identified 8 issues: 1 medium, 2 low, and 5 informational.

Findings · 8

  1. Various debug_assert statements are not constant time [Informational]
  2. Handling of corner case in hash_query introduces bias [Informational]
  3. Multiplication overflow in compute_mem_kb [Low]
  4. Ingest and view servers should be run under distinct users [Informational]
  5. zeroize is not used to protect HTTP basic authentication credentials [Low]
  6. Call to vartime_write may not be oblivious for keys in the map [Informational]
  7. Insufficient domain separation in key exchange prf function [Informational]
  8. The common_ancestor_distance_of_peers function is not constant time when compiled in release mode [Medium]

Findings extracted from the published report PDF. See the full report below for details and remediation.