Trail of Bits
Audit Open Original ↗

NEAR One Robust ECDSA

Type

Security review

Client

NEAR One

Date

2026-02

Domain

Crypto

Effort

6.4 wks

Section

Cryptography Reviews

Trail of Bits's security review of NEAR One (Feb 2026) identified 10 issues: 2 high, 1 medium, 1 low, and 6 informational.

Findings · 10

  1. 1 ECDSA signature verification does not enforce low s values Informational
  2. 2 Rerandomization does not perform correct domain separation Informational
  3. 3 Presignature rerandomization does not provably prevent Wagner’s attack Informational
  4. 4 Signature share linearization may slightly weaken robustness Low
  5. 5 Zero threshold causes integer overflow panic in debug mode Informational
  6. 6 Missing zeroization of presignature data Medium
  7. 7 Standard split-view attack can extract the secret key with 3t + 2 signers High
  8. 8 Novel split-view attack can extract the secret key with 2t + 3 signers High
  9. 9 Inconsistent interpolation bounds between implementation and reference Informational
  10. 10 Inconsistent threshold semantics across DKG and presigning protocols Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related