Brink, the Bitcoin development organization, recently funded the first ever independent security audit of Bitcoin Core carried out by a third party (the full report is available here). The audit was carried out by Quarkslab, a software security firm, with the support of the Open Source Technology Improvement Fund (OSTIF) and in collaboration with Bitcoin Core developers Niklas Gögge, from Brink, and Antoine Poinsot, from Chaincode Labs.
This security audit marks a milestone in the development history of Bitcoin Core, the most widely adopted client, and the reference client, of the Bitcoin network and protocol.
While Bitcoin Core security policies and practices have been steadily hardened and revised to be more thorough and comprehensive over the past few years, an external audit by a third party specialized in security review is a new bar to meet. It was met.
The audit involved manual code review, static and dynamic analysis with automated tools, and advanced fuzz testing, which takes automatically generated input and runs it through different code paths in an attempt to reveal unexpected or detrimental behavior.
No critical, high, or medium-severity bugs were discovered in the audit. Two low-severity issues were identified, along with 13 other issues that are not classified as vulnerabilities under Bitcoin Core’s vulnerability classification criteria.
The whole process also resulted in improvements to Bitcoin Core’s testing infrastructure, including new fuzz testing infrastructure for block connection and chain reorganization scenarios (a new area to be covered by testing), file system improvements that speed up and improve fuzz testing in general, new utilities for testing backsliding code performance, and strategies for improving code readability for reviewers and new developers.
Some of these improvements are already being worked on for eventual review and merging into the Bitcoin Core repository.
The results of this independent security audit have reinforced that Bitcoin Core’s improvements over recent years in security policy, testing, and overall quality review have had a significant impact on the project.
