January highlights: I did a full audit of ECC’s lightwalletd repo, did a super quick review of Zgo, and I got some office hour signups which is great to see. For February, I have a mini audit of free2z in progress, and I’m going to take a look at Zondax’s shielded hardware wallet.
I completed a short audit of free2z, I was really impressed by their proactive effort to secure the site using well-set-up CSP headers, HSTS, having a security.txt file, a bug bounty, etc.
My original intent was to finish an audit of Zondax, however I was put in touch with some folks proposing to use ORAM to speed up transaction retrieval for Zcash, and since the ORAM relies on SGX, I did some research to understand SGX’s and other enclaves’ vulnerabilities in detail in order to write up a risk assessment (that’ll be posted soon).
I came to the conclusion that we shouldn’t ask most users to trust their viewing keys to SGX, which gave me motivation to work out a more-scalable transaction detection design that’s pretty private on its own and is also compatible with ORAM/SGX for defense-in-depth.
In March I’m getting back into the Zondax audit and should deliver an assessment of the core hardware wallet code, with a stretch goal of auditing the integrations within various wallets as well.
- Completed a 12-day audit of Zondax’s Zcash shielded hardware wallet code.
- Some research into identity-based encryption to see if it can be used to improve this scalability option.
- Reviewed the ZSA ZIPs.
And here’s the quarterly transparency report summarizing the invoices for the past three months: ZecSec's Q1 2023 Transparency Report | ZecSec: Zcash Ecosystem Security
- Completed a full 10-day audit of all of ZGo’s source code.
- Prepared a talk for Zcon titled “Security Engineering: Learning from Safety-Critical Disciplines” with the intent that it’ll help teach engineers and leaders about how to reason about security and set up a good “security culture” within their organizations. (Talks haven’t been accepted yet so I’m not sure if it’ll actually be at Zcon—if not I’ll post it on some other medium.)
- Audited @hanh’s early-stage Ledger hardware wallet code. I think he can write code faster than I can read it!
- Reviewed the fixes to issues previously found in free2z.
- Had a call w/ an organization interested in applying for the memo field enhancements RFP.
In May, my focus is on doing a complete audit of @hanh’s Ledger code.
- Audited most of @hanh’s Ledger code, I just have some of the heavy cryptographic stuff (like the elliptic curve implementation) left to audit.
- Audited Nighthawk’s lightwalletd deployment scripts.
- Figured out how bridgetree works and convinced myself wallets can update their witnesses efficiently in private (yay!).
- I also spent a lot of time on Dev Fund related discussions (which I’m not billing for!)
June is going to be a bunch of audit wrap-up stuff, hopefully getting as many things as possible to a stage where I can talk about them in my Zcon talk (which was accepted!).
I made this chart for my Zcon4 talk but I figured I’d post it here to give the community a summary of the bugs I’ve found through the funding that ZCG has given me. Here’s a breakdown of the bugs I’ve discovered over the past ~year:
The bug categories should be somewhat self-explanatory. The bug severities are somewhat subjective, and I define them as follows:
A “Critical” issue is a vulnerability that can definitely be exploited to impact many users with devastating consequences. “High” means a vulnerability that is likely to have a severe impact on many users. “Medium” means a vulnerability of moderate impact or one that may only be exploitable in special circumstances. “Low” means a vulnerability whose exploitation would have very little impact on any user or is unlikely to ever be exploited in practice.
“Critical” and “High”-severity issues must be fixed as soon as possible to protect users. “Medium”-severity issues are sometimes safe to defer, and “Low”-severity issues are almost always safe to defer.
In total, I found 83 bugs, 41 of which are rated as medium or above, and 23 of which are rated high or above.
Update for the months of June and July:
- Zcon4! My talk about security engineering can be seen here.
- Wrapped up my audit of Hanh’s hardware wallet (good coverage of everything except the elliptic-curve implementations).
- Looked at audit reports to give a quick security sanity check to ZecHub on using DAODAO.
- Started on auditing Zingo.
- Put up a warning about the milk sad vulnerability
August update: I’ve mainly been focused on wrapping up existing audits (see the table above), and also working on an audit of Zingo. I’ve quickly reviewed Zingo’s mobile app codebase (which is mostly GUI code) and I’m currently working through the zingolib repo where all of the actual scanning and wallet logic lives.
The report from my mini audit of Free2Z (back in February) is posted here: Free2Z Security Audit Results | ZecSec: Zcash Ecosystem Security
The results of auditing @hanh’s Ledger app are now out! Results of Auditing Hanh's Shielded Zcash Ledger App | ZecSec: Zcash Ecosystem Security
zecwallet-lite-cli audit report: Security Audit of zecwallet-lite-cli | ZecSec: Zcash Ecosystem Security
Starting in October, I will be stepping away from my role as the Zcash community’s resident security auditor, more details on my blog:
just watched your zc0n4 talk,
huge thanks for your care and contribution!!
In September/October I wrapped up the grant with:
- A quick audit of Zingo
- A quick audit of Nighthawk
- Helping respond to centralized mining pools
- Other wrap-up tasks like preparing a handoff package for the next person/org to take on this role, reviewed the Nym grant application, updated my ecosystem overview page, etc.
Thank you for your service
We will miss you. Thanks for all the work you’ve done for the Zcash Ecosystem.