Audits

Index of known audits related to Stacks core and sBTC

All 'high' or 'critical' issues listed in audits have either been mitigated or otherwise made obsolete, even if the report states otherwise.

sBTC

2MB
Clarity Alliance - sBTC.pdf
pdf
826KB
CoinFabrik - WSTS.pdf
pdf
1012KB
Ottersec - sBTC Withdrawal.pdf
pdf
1MB
Ottersec - WSTS.pdf
pdf

Stacks Core

153KB
CoinFabrik - Signer Binary.pdf
pdf
154KB
CoinFabrik - StackerDB.pdf
pdf
1MB
CoinFabrik - Stacks LibSigner.pdf
pdf
165KB
Coinfabrik - Stacks PoX.pdf
pdf
1MB
CoinFabrik - Stacks Signer Audit.pdf
pdf
4MB
Quantstamp - Network State Machine.pdf
pdf

Audits are just part of the story

For any project, layers of security are crucial. Audits represent one layer, while core developers and contributors collaborate to provide many more. Notable security programs, designs, and partners beyond audits include:

  • Embedded security researchers via Asymmetric Research

  • Attackathon programs in partnership with Immunefi

  • sBTC’s decentralized network of validators/signers (removing the need to entrust a single entity and mitigating counterparty risk)

  • Stacks’ underlying design that offers 100% Bitcoin finality, securing sBTC at the consensus level of a $2.5 billion network.

  • Support at the app layer via Hypernative

  • Bitcoin L2 Labs' whitehat security program

  • Stacks Foundation's partnership with Staking Defense League,

  • Stacks Founation's ongoing Immunefi bug bounty program

  • Dedicated Stacks Foundation Residents focused exclusively on fuzz and penetration testing (created Rendezvous)

Other audits

1MB
Clarity Alliance - sBTC Rewards Program.pdf
pdf
245KB
Blockstack_Desktop_Wallet_Pentest_Report_11-12-2020.pdf
pdf
708KB
NCC_Group_Stacks_Wallet_Report_2020-11-17_v1.0.pdf
pdf
754KB
NCC_Group_Stacks_Blockchain_Audit_Report_2020-11-23_v1.0.pdf
pdf

Trail of Bits Report, Stacks Blockchain (No PDF, Github Issues List provided)

PreviousTechnical SpecificationsNextBlock Production

Last updated

Was this helpful?