Third-party security audits
Overview
The DFINITY foundation, a major contributor to the Internet Computer blockchain, takes security very seriously. Not only do engineering and product security teams conduct various security checks and reviews internally before a feature is released, security tools, best practices, and formal models are also developed and open-sourced, so developers can perform their own code checks to detect bugs and improve the overall security of their dapps. What’s more, many of the major technical features built on the Internet Computer go through additional external security assessments conducted by leading organizations such as Trail of Bits and NCC Group, specializing in software security assurance.
Getting external reviews complements internal security efforts and gives engineering and product security teams the opportunity to greatly benefit and learn from the different perspectives expert reviewers provide based on their knowledge and experience of other blockchain projects. After addressing the issues, DFINITY makes the audit reports public on this wiki page, so that the community sees an independent assessment of the feature’s security posture. Such reports signal to users and developers that minimizing the security risks of building on and engaging with the Internet Computer is of utmost importance.
"ckBTC and BTC Integration Review" by Trail of Bits
Reports & Discussion
Date: October 6, 2023
Reports & Discussion:
- Medium blog post: TODO
- Forum post: TODO
- Report, fix notes (TODO)
Areas of the code which were audited
- ckBTC and Bitcoin Integration
Service Nervous System (SNS) Reviews by Trail of Bits
Reports & Discussion
Dates:
- First review: December 1, 2022
- Second review: October 6, 2023
Reports & Discussion:
- Medium blog post: TODO
- Forum post: TODO
- Report (2022), includes fix review
- Report (2023), fix notes (TODO)
Areas of the code which were audited
- Service Nervous System (SNS)
"Threshold ECDSA Integration and Bitcoin Canisters" by Trail of Bits
Report & Discussion
Date: September 5, 2022
Report & Discussion: "Threshold ECDSA Integration and Bitcoin Canisters - Security Review" by Trail of Bits
Areas of the code which were audited:
- Threshold ECDSA Integration and Bitcoin Canisters
"Canister Sandboxing Review" by Trail of Bits
Report & Discussion
Date: July 7, 2022
Report & Discussion: "Canister Sandboxing" by Trail of Bits
Areas of the code which were audited:
- Canister sandboxing
"Threshold ECDSA Cryptography Review" by NCC Group
Report & Discussion
Date: June 16, 2022
Report & Discussion: IC "Threshold ECDSA Cryptography Review" by NCC Group
Areas of the code which were audited:
- Threshold ECDSA
"Internet Computer Consensus Review" by Trail of Bits
Report & Discussion
Date: March 11, 2022
Report & Discussion: "Internet Computer Consensus: Security Assessment" by Trail of Bits
Areas of the code which were audited:
- Consensus Layer
"IC Assessment" by Trail of Bits
Report & Discussion
Date: January 4, 2022
Report Discussion: "IC Assessment" by Trail of Bits
Areas of the code which were audited:
- Internet Computer Interfaces
- Consensus Layer
- Network Nervous System
- Ledger Canister
- Governance Canister
- Registry Canister
- Cycles Minting Canister
- Genesis Token Canister
- Cryptography libraries
- Execution Environment
- P2P layer
- Third Party Dependencies
- Hardware Wallet
See Also
- The Internet Computer project website (hosted on the IC): internetcomputer.org