Brink Funds First Third Party Security Audit Of Bitcoin Core By Quarkslab
"Brink, the Bitcoin development organization, recently funded the first ever independent security audit of Bitcoin Core conducted by a third party (the full report is available here). The audit was conducted by Quarkslab, a software security firm, with the help of the Open Source Technology Improvement Fund (OSTIF) and collaboration with Bitcoin Core developers Niklas Gögge, from Brink, and Antoine Poinsot, from Chaincode Labs."
"The audit involved manual code review, static and dynamic analysis with automated tools, and advanced fuzz testing, which takes automatically generated input and runs it through different code paths attempting to reveal unexpected or detrimental behavior. No critical, high, or medium-severity bugs were discovered in the audit. Two low-severity issues were identified, and thirteen other issues that are not classified as vulnerabilities under Bitcoin Core's vulnerability classification criteria."
"The entire process also resulted in improvements in Bitcoin Core's testing infrastructure, including new fuzz testing infrastructure for block connection and chain reorganization scenarios, a new area to be covered by testing, file system improvements speeding up and improving fuzz testing in general, new utilities for testing backsliding code performance, and suggestions for improving code readability for reviewers and new developers. Some of these improvements are already being worked on for eventual review and merging into the Bitcoin Core repository."
Brink funded the first independent third-party security audit of Bitcoin Core, performed by Quarkslab with OSTIF and in collaboration with Bitcoin Core developers. The audit combined manual code review, static and dynamic analysis with automated tools, and advanced fuzz testing to probe for unexpected or detrimental behavior. It reported no critical, high, or medium-severity bugs, and identified two low-severity issues and thirteen items not classified as vulnerabilities under Bitcoin Core's criteria. The process also produced improvements to the testing infrastructure: new fuzzing for block connection and chain reorganization, filesystem and performance-testing utilities, and suggestions for improving code readability and reviewer onboarding.
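To make the fuzz-testing description above concrete, here is an added example that is not from the article, the Quarkslab report, or Bitcoin Core's own fuzz harnesses (which are C++ libFuzzer targets). It fuzzes a small CompactSize-style variable-length integer codec, the kind of serialization routine such an audit exercises: generated inputs, some structurally valid and some random or bit-flipped, are fed through the decoder, and a round-trip property (re-encoding the decoded value must reproduce exactly the bytes consumed) flags any behaviour other than a clean accept or a clean `ValueError` as a finding. The codec and harness are constructed for this illustration.

```python
import random
import struct


def encode_compact_size(n: int) -> bytes:
    """Canonical CompactSize encoding: 1, 3, 5 or 9 bytes depending on magnitude."""
    if n < 0 or n > 0xFFFFFFFFFFFFFFFF:
        raise ValueError("out of range")
    if n < 253:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def decode_compact_size(data: bytes):
    """Return (value, bytes_consumed). Raise ValueError on empty, truncated
    or non-canonical input; any other exception is a bug the fuzzer should catch."""
    if not data:
        raise ValueError("empty input")
    first = data[0]
    if first < 253:
        return first, 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    if len(data) < 1 + width:
        raise ValueError("truncated")
    value = int.from_bytes(data[1:1 + width], "little")
    # Reject values that would have fit in a shorter form (non-canonical).
    minimum = {2: 253, 4: 0x10000, 8: 0x100000000}[width]
    if value < minimum:
        raise ValueError("non-canonical encoding")
    return value, 1 + width


def rejects(data: bytes) -> bool:
    """True if the decoder cleanly rejects the input with ValueError."""
    try:
        decode_compact_size(data)
        return False
    except ValueError:
        return True


def fuzz_round_trip(iterations: int = 2000, seed: int = 1) -> dict:
    """Generation-based fuzz harness (constructed example). Returns counts of
    accepted and rejected inputs plus a list of findings (input hex, error)."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    stats = {"ok": 0, "rejected": 0, "findings": []}
    for _ in range(iterations):
        if rng.random() < 0.5:
            # Structured input: encode a value from a random size class,
            # then sometimes flip one bit to probe the boundaries.
            n = rng.choice([
                rng.randrange(0, 253),
                rng.randrange(253, 1 << 16),
                rng.randrange(1 << 16, 1 << 32),
                rng.randrange(1 << 32, 1 << 64),
            ])
            buf = bytearray(encode_compact_size(n))
            if rng.random() < 0.3:
                i = rng.randrange(len(buf))
                buf[i] ^= 1 << rng.randrange(8)
            data = bytes(buf)
        else:
            # Unstructured input: 0 to 9 random bytes.
            data = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 10)))
        try:
            value, consumed = decode_compact_size(data)
            # Round-trip property: a canonical decode must re-encode to the
            # exact bytes that were consumed.
            if encode_compact_size(value) != data[:consumed]:
                raise AssertionError("round-trip mismatch")
            stats["ok"] += 1
        except ValueError:
            stats["rejected"] += 1
        except Exception as exc:  # crash or property violation: record it
            stats["findings"].append((data.hex(), repr(exc)))
    return stats


if __name__ == "__main__":
    result = fuzz_round_trip()
    print(result["ok"], "accepted,", result["rejected"], "rejected,",
          len(result["findings"]), "findings")
```

The harness stops short of what a coverage-guided fuzzer does (it does not observe which code paths an input reaches to steer generation), but the structure is the same: a generator, a target, and an explicit oracle for what "unexpected behavior" means. Swapping the oracle for a differential check against a second implementation, or seeding the generator with a corpus, are the usual next steps.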
Read at Bitcoin Magazine