Trail of Bits

Symbol

Type: Security review
Client: NEM Group
Date: 2020-07
Domain: Blockchain
Effort: 4 wks
Section: Other/Multi-Chain

Trail of Bits's security review of NEM Group (Jul 2020) identified 11 issues: 1 high, 1 medium, 3 low, 3 informational, and 3 undetermined.

Findings · 11

  1. Missing compiler mitigations (Low)
  2. Undefined behavior dereferencing std::list.back() on an empty container (Undetermined)
  3. Current ConfigurationBags verification may lead to bugs (Informational)
  4. High-entropy RNG does not guarantee high entropy (Medium)
  5. Use the O_CLOEXEC flag by default when opening files on Linux (Informational)
  6. The symbol-cli saves the config file as readable for others (High)
  7. Maximum packet size of 4GB may lead to denial-of-service attacks (Undetermined)
  8. Lack of overflow checks (Informational)
  9. The boost::filesystem::create_directory defaults to 0777 permissions (Low)
  10. Potential padding oracle attack in AesCbcDecrypt (Undetermined)
  11. Incorrect ReceiptType in catapult-rest (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.