Trail of Bits

Squads V4

Type: Security review

Client: Squads Protocol

Date: 2023-10

Domain: Blockchain

Effort: 2 wks

Section: Solana

Trail of Bits's security review of Squads Protocol (Oct 2023) identified 9 issues: 1 high, 1 medium, 6 informational, and 1 undetermined.

Findings · 9

  1. Reliance on vulnerable dependencies (Undetermined)
  2. Insufficient linter use (Informational)
  3. Lack of build instructions (Informational)
  4. Functions invariant and invalidate_prior_transactions called in wrong order (Informational)
  5. Insufficient test coverage (Informational)
  6. Insufficient logging (Informational)
  7. Attacker can front-run multisig creation transaction (High)
  8. Program uses same set of ephemeral keys for all transactions in a batch (Medium)
  9. Inefficient lookup table account verification during transaction execution (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
