Migrated from Dropbox on 1.20.2023 for redundancy
Stacks Audits
Stacks 2.0 Security Audit Reports
In addition to the reports you can open above, you can find the status of each reported vulnerability:
From NCC Audit

| Issue | Severity | Status |
| --- | --- | --- |
| Proof Verification May Not Check the Root Hash | High | ✅ Resolved by PR 2133 |
| Unbounded Recursion in Contract Parser Leads To Crash | Medium | ✅ Resolved by PR 1298 |
| Denial of Service via ClarityVM Process Thrashing | Medium | ✅ Resolved by PR 1329 |
| Discrepancies Between SIP 005 and Implementation | Low | |
From Trail of Bits Audit

| Issue | Severity | Status |
| --- | --- | --- |
| Panic in TypeSignature::admits_type | Medium | ✅ Resolved by PR 1299 |
| Panic in DefinitionSorter::run | Medium | ✅ Resolved in PR 1246 |
| Missing calls to `check_argument_count` in ReadOnlyChecker::check_native_function | Medium | ✅ Resolved in PR 1301 |
| DBConn panics are reachable | Medium | ✅ Resolved in PR 1249 |
| Defining the same variable twice results in a panic | Medium | ✅ Resolved in PR 1301 |
| Stack overflow via mutual recursion in eval/apply | Medium | ✅ Resolved in PR 1277 |
| Stack overflow in Value::consensus_deserialize | Medium | ✅ Resolved in PR 1277 |
| Out-of-memory errors in Value::consensus_deserialize | Medium | ✅ Resolved in PR 1277 |
| c32_address_decode panics when given crafted input | Medium | ✅ Resolved in PR 2199 |
Stacks Wallet

| Issue | Severity | Status |
| --- | --- | --- |
| Resolve Missing Electron Security Configuration | Medium | |
| Disable enableRemoteModule option | Medium | |
| Update all dependencies | Medium | ✅ Resolved in 879353 |
| Apply Recommendations on Argon2 KDF Parameters | Low | |
| Resolve Lack of Integrity Verification in Mnemonic Encryption | Low | |