
Brink Funds First Third-Party Security Audit Of Bitcoin Core By Quarkslab


Brink, the Bitcoin development group, recently funded the first ever independent security audit of Bitcoin Core conducted by a third party (the full report is available here). The audit was conducted by Quarkslab, a software security firm, with the help of the Open Source Technology Improvement Fund (OSTIF) and in collaboration with Bitcoin Core developers Niklas Gögge, from Brink, and Antoine Poinsot, from Chaincode Labs.

This security audit marks a milestone in the development history of Bitcoin Core, the most widely adopted client and the reference client of the Bitcoin network and protocol.

While Bitcoin Core security policies and practices have been steadily hardened and revised to be more thorough and comprehensive over the past few years, an external audit by a third party specialized in security review is a new bar to meet. It was met.

The audit involved manual code review, static and dynamic analysis with automated tools, and advanced fuzz testing, which takes automatically generated input and runs it through different code paths, trying to reveal unexpected or detrimental behavior.

No critical, high, or medium-severity bugs were discovered in the audit. Two low-severity issues were found, along with 13 other issues that are not classified as vulnerabilities under Bitcoin Core's vulnerability classification criteria.

The whole process also resulted in improvements to Bitcoin Core's testing infrastructure, including new fuzz testing infrastructure for block connection and chain reorganization scenarios (a new area to be covered by testing), file system improvements that speed up and improve fuzz testing in general, new utilities for testing for backsliding in code performance, and suggestions for improving code readability for reviewers and new developers.

Some of these improvements are already being worked on for eventual review and merging into the Bitcoin Core repository.

The results of this independent security audit have reinforced that Bitcoin Core's improvements over recent years in security policy, testing, and overall quality review have had a meaningful impact on the project.


