Stacks 2.0 Security Audit Resolution
Stacks Blockchain
From NCC Audit

| Issue | Severity | Status |
|---|---|---|
| Proof Verification May Not Check the Root Hash | High | ✅ Resolved by PR 2133 |
| Unbounded Recursion in Contract Parser Leads To Crash | Medium | ✅ Resolved by PR 1298 |
| Denial of Service via ClarityVM Process Thrashing | Medium | ✅ Resolved by PR 1329 |
| Discrepancies Between SIP 005 and Implementation | Low | ✅ Resolved in this commit |

From Trail of Bits audit

| Issue | Severity | Status |
|---|---|---|
| Panic in `TypeSignature::admits_type` | Medium | ✅ Resolved by PR 1299 |
| Panic in `DefinitionSorter::run` | Medium | ✅ Resolved in PR 1246 |
| Missing calls to `check_argument_count` in `ReadOnlyChecker::check_native_function` | Medium | ✅ Resolved in PR 1301 |
| `DBConn` panics are reachable | Medium | ✅ Resolved in PR 1249 |
| Defining the same variable twice results in a panic | Medium | ✅ Resolved in PR 1301 |
| Stack overflow via mutual recursion in `eval` / `apply` | Medium | ✅ Resolved in PR 1277 |
| Stack overflow in `Value::consensus_deserialize` | Medium | ✅ Resolved in PR 1277 |
| Out-of-memory errors in `Value::consensus_deserialize` | Medium | ✅ Resolved in PR 1277 |
| `c32_address_decode` panics when given crafted input | Medium | ✅ Resolved in PR 2199 |

Stacks Wallet
| Issue | Severity | Status |
|---|---|---|
| Resolve Missing Electron Security Configuration | Medium | ✅ Resolved in PR 331 |
| Disable enableRemoteModule option | Medium | ✅ Resolved in PR 331 |
| Update all dependencies | Medium | ✅ Resolved in PRs 879 and 353 |
| Apply Recommendations on Argon2 KDF Parameters | Low | ✅ Resolved in PR 331 |
| Resolve Lack of Integrity Verification in Mnemonic Encryption | Low | ✅ Resolved in PR 331 |

Resources
Audit reports:
https://www.dropbox.com/sh/ss01em9ly2r92lx/AACkvXUwxzRDirii5XDwcXuMa?dl=0
Medium severity issues from Trail of Bits audit