Brink, the Bitcoin development organization, recently funded the first-ever independent security audit of Bitcoin Core conducted by a third party (full report available here). The audit was conducted by software security firm Quarkslab with support from the Open Source Technology Improvement Fund (OSTIF) and in collaboration with Bitcoin Core developers Niklas Gögge of Brink and Antoine Poinsot of Chaincode Labs.
This security audit marks a milestone in the history of the development of Bitcoin Core, the most widely adopted and referenced client of the Bitcoin network and protocol.
Bitcoin Core’s security policies and practices have been steadily strengthened and made more thorough over the past few years, but an external audit by a third-party firm specializing in security reviews remained a missing piece. That gap has now been filled.
The audit included manual code review, static and dynamic analysis with automated tools, and extensive fuzz testing, a technique that feeds automatically generated inputs through many code paths in an attempt to trigger unexpected or harmful behavior.
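To make concrete what "running automatically generated input through code paths" looks like, the following is an added example written for this page; it is not code from the article, from Quarkslab's report, or from Bitcoin Core. It checks a property of Bitcoin's CompactSize (variable-length integer) encoding: every input the decoder accepts must re-encode to exactly the bytes it consumed, and non-canonical or truncated encodings must be rejected. The encoder, decoder, and the deterministic xorshift generator are simplified stand-ins for Bitcoin Core's serialization code and for a real fuzzing engine such as libFuzzer, and the function names are my own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Encode a value in Bitcoin's CompactSize format (simplified re-implementation,
// not Bitcoin Core's serialize.h): 1 byte below 253, otherwise a tag byte
// (0xfd/0xfe/0xff) followed by 2, 4 or 8 little-endian bytes.
std::vector<uint8_t> EncodeCompactSize(uint64_t v) {
    std::vector<uint8_t> out;
    if (v < 253) {
        out.push_back(static_cast<uint8_t>(v));
        return out;
    }
    int width;
    if (v <= 0xffffULL)          { out.push_back(0xfd); width = 2; }
    else if (v <= 0xffffffffULL) { out.push_back(0xfe); width = 4; }
    else                         { out.push_back(0xff); width = 8; }
    for (int i = 0; i < width; ++i) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
    return out;
}

// Decode a CompactSize from the front of `in`. Returns nullopt on truncated
// input or on a non-canonical encoding (a value written with a wider tag than
// needed); `consumed` receives the number of bytes used on success.
std::optional<uint64_t> DecodeCompactSize(const std::vector<uint8_t>& in, size_t& consumed) {
    consumed = 0;
    if (in.empty()) return std::nullopt;
    const uint8_t tag = in[0];
    if (tag < 253) { consumed = 1; return tag; }
    const int width = tag == 0xfd ? 2 : tag == 0xfe ? 4 : 8;
    if (in.size() < 1 + static_cast<size_t>(width)) return std::nullopt;  // truncated
    uint64_t v = 0;
    for (int i = 0; i < width; ++i) v |= static_cast<uint64_t>(in[1 + i]) << (8 * i);
    // Canonical form: the smallest encoding that fits the value must be used.
    const uint64_t min = width == 2 ? 253ULL : width == 4 ? 0x10000ULL : 0x100000000ULL;
    if (v < min) return std::nullopt;
    consumed = 1 + static_cast<size_t>(width);
    return v;
}

// Deterministic xorshift64 generator standing in for a fuzzing engine's
// input mutator, so the run is reproducible offline.
struct Xorshift {
    uint64_t s;
    uint64_t next() { s ^= s << 13; s ^= s >> 7; s ^= s << 17; return s; }
};

// Fuzz-style property check: for each generated byte string, decode it and,
// if the decoder accepted it, require that re-encoding the value reproduces
// exactly the consumed prefix. Returns the number of property violations
// (0 for a correct encoder/decoder pair).
int RunFuzzIterations(int iterations, uint64_t seed) {
    Xorshift rng{seed ? seed : 1};
    int violations = 0;
    for (int i = 0; i < iterations; ++i) {
        const size_t len = rng.next() % 12;  // 0..11 bytes, so truncation is exercised
        std::vector<uint8_t> buf(len);
        for (auto& b : buf) b = static_cast<uint8_t>(rng.next());
        size_t consumed = 0;
        const auto decoded = DecodeCompactSize(buf, consumed);
        if (!decoded) continue;  // rejection is allowed; the property covers accepted inputs
        const std::vector<uint8_t> re = EncodeCompactSize(*decoded);
        const std::vector<uint8_t> prefix(buf.begin(), buf.begin() + consumed);
        if (re != prefix) ++violations;
    }
    return violations;
}

// Hand-constructed edge cases a fuzzer would also be expected to reach.
bool RejectsNonCanonicalAndTruncated() {
    size_t c = 0;
    return !DecodeCompactSize({0xfd, 0x01, 0x00}, c).has_value()            // 1 written with 3 bytes
        && !DecodeCompactSize({0xfe, 0x01}, c).has_value()                  // truncated 4-byte form
        && DecodeCompactSize({0xfd, 0xfd, 0x00}, c).value_or(0) == 253 && c == 3;  // smallest legal 0xfd
}

int main() {
    std::printf("violations: %d\n", RunFuzzIterations(20000, 42));
    std::printf("edge cases ok: %s\n", RejectsNonCanonicalAndTruncated() ? "yes" : "no");
    return 0;
}
```

In Bitcoin Core itself, targets of this kind live under src/test/fuzz and are driven by an external fuzzing engine that mutates inputs based on observed coverage rather than a fixed generator; the invariant being checked is the part that carries over.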
The audit found no bugs of high or medium severity. Two low-severity issues were identified, along with 13 other findings that do not qualify as vulnerabilities under Bitcoin Core’s vulnerability classification criteria.
The process also produced improvements to Bitcoin Core’s testing infrastructure: new fuzz testing infrastructure for block connection and chain reorganization scenarios, test coverage of previously untested areas, file system improvements that speed up fuzz testing in general, new utilities for catching performance regressions, and suggestions for improving code readability for reviewers and new developers.
Some of these improvements are already under final review for integration into the Bitcoin Core repository.
The results of this independent security audit confirm that recent improvements in Bitcoin Core’s security policies, testing, and overall quality review are having a meaningful impact on the project.
The post The First Third-Party Security Audit of Bitcoin Core by Brink Funds by Quarkslab originally appeared in Bitcoin Magazine and was written by Shinobi.

