Migrated from Dropbox on 1.20.2023 for redundancy
Stacks Audits
Stacks 2.0 Security Audit Reports
NCC Group | Stacks Blockchain Audit Report 11-23-202 v1.0
NCC Group | Stacks Wallet Report 11-17-2020 v1.0
Certik | Blockstack Desktop Wallet Pentest Report 11-12-2020
Trail of Bits Report (Github Issues Log, no PDF)
In addition to the reports you can open above, you can find the status of each reported vulnerability:
From NCC Audit

| Issue | Severity | Status |
| --- | --- | --- |
| Proof Verification May Not Check the Root Hash | High | ✅ Resolved by PR 2133 |
| Unbounded Recursion in Contract Parser Leads To Crash | Medium | ✅ Resolved by PR 1298 |
| Denial of Service via ClarityVM Process Thrashing | Medium | ✅ Resolved by PR 1329 |
| Discrepancies Between SIP 005 and Implementation | Low | ✅ Resolved |

From Trail of Bits Audit

| Issue | Severity | Status |
| --- | --- | --- |
| Panic in `TypeSignature::admits_type` | Medium | ✅ Resolved by PR 1299 |
| Panic in `DefinitionSorter::run` | Medium | ✅ Resolved in PR 1246 |
| Missing calls to `check_argument_count` in `ReadOnlyChecker::check_native_function` | Medium | ✅ Resolved in PR 1301 |
| `DBConn` panics are reachable | Medium | ✅ Resolved in PR 1249 |
| Defining the same variable twice results in a panic | Medium | ✅ Resolved in PR 1301 |
| Stack overflow via mutual recursion in `eval`/`apply` | Medium | ✅ Resolved in PR 1277 |
| Stack overflow in `Value::consensus_deserialize` | Medium | ✅ Resolved in PR 1277 |
| Out-of-memory errors in `Value::consensus_deserialize` | Medium | ✅ Resolved in PR 1277 |
| `c32_address_decode` panics when given crafted input | Medium | ✅ Resolved in PR 2199 |

Stacks Wallet

| Issue | Severity | Status |
| --- | --- | --- |
| Resolve Missing Electron Security Configuration | Medium | ✅ Resolved in PR 331 |
| Disable enableRemoteModule option | Medium | ✅ Resolved in PR 331 |
| Update all dependencies | Medium | ✅ Resolved in 879, 353 |
| Apply Recommendations on Argon2 KDF Parameters | Low | ✅ Resolved in PR 331 |
| Resolve Lack of Integrity Verification in Mnemonic Encryption | Low | ✅ Resolved in PR 331 |