Trail of Bits
Audit Open Original ↗

NEAR One PedPop+

Type

Security review

Client

NEAR One

Date

2025-05

Domain

Crypto

Effort

4 wks

Section

Cryptography Reviews

Trail of Bits's security review of NEAR One (May 2025) identified 6 issues: 1 medium, 1 low, and 4 informational.

Findings · 6

  1. 1 Generic DKG does not delete temporary secret values Medium
  2. 2 Outdated dependencies with advisories Informational
  3. 3 DKG assertions are left to the caller Informational
  4. 4 Unclear security model when resharing with a different threshold Informational
  5. 5 Broadcast corruption threshold may not match signing threshold Low
  6. 6 Reshare public key checks can occur earlier Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related