Migrated from Dropbox on 1.20.2023 for redundancy
Stacks Audits
Stacks 2.0 Security Audit Reports
NCC Group | Stacks Blockchain Audit Report 11-23-202 v1.0
NCC Group | Stacks Wallet Report 11-17-2020 v1.0
Certik | Blockstack Desktop Wallet Pentest Report 11-12-2020
Trail of Bits Report (Github Issues Log, no PDF)
In addition to the reports you can open above, you can find the status of each reported vulnerability:
From NCC Audit

| Issue | Severity | Status |
| --- | --- | --- |
| Proof Verification May Not Check the Root Hash | High | ✅ Resolved by PR 2133 |
| Unbounded Recursion in Contract Parser Leads To Crash | Medium | ✅ Resolved by PR 1298 |
| Denial of Service via ClarityVM Process Thrashing | Medium | ✅ Resolved by PR 1329 |
| Discrepancies Between SIP 005 and Implementation | Low | ✅ Resolved |

From Trail of Bits Audit

| Issue | Severity | Status |
| --- | --- | --- |
| Panic in `TypeSignature::admits_type` | Medium | ✅ Resolved by PR 1299 |
| Panic in `DefinitionSorter::run` | Medium | ✅ Resolved in PR 1246 |
| Missing calls to `check_argument_count` in `ReadOnlyChecker::check_native_function` | Medium | ✅ Resolved in PR 1301 |
| `DBConn` panics are reachable | Medium | ✅ Resolved in PR 1249 |
| Defining the same variable twice results in a panic | Medium | ✅ Resolved in PR 1301 |
| Stack overflow via mutual recursion in `eval` / `apply` | Medium | ✅ Resolved in PR 1277 |
| Stack overflow in `Value::consensus_deserialize` | Medium | ✅ Resolved in PR 1277 |
| Out-of-memory errors in `Value::consensus_deserialize` | Medium | ✅ Resolved in PR 1277 |
| `c32_address_decode` panics when given crafted input | Medium | ✅ Resolved in PR 2199 |

Stacks Wallet

| Issue | Severity | Status |
| --- | --- | --- |
| Resolve Missing Electron Security Configuration | Medium | ✅ Resolved in PR 331 |
| Disable enableRemoteModule option | Medium | ✅ Resolved in PR 331 |
| Update all dependencies | Medium | ✅ Resolved in 879, 353 |
| Apply Recommendations on Argon2 KDF Parameters | Low | ✅ Resolved in PR 331 |
| Resolve Lack of Integrity Verification in Mnemonic Encryption | Low | ✅ Resolved in PR 331 |