Audit report of IOHK’s ETC wallet

TL;DR: report download.

IOHK is an engineering company that builds cryptocurrencies and blockchains for academic institutions, government entities, and corporations. Major projects of IOHK are Ethereum Classic, the Daedalus wallet, and the Cardano platform.

IOHK solicited Kudelski Security to perform a security audit of Mantis, an Ethereum Classic wallet integrated in Daedalus. Mantis is written in Scala, and includes approximately 12,000 lines of code (our audit covered the code in the phase/daedalus branch).

We did not find any critical security issue, but report 3 medium-severity issues and 4 low-severity issues. Mantis otherwise shows good security engineering, with secure defaults, defensive coding, and a clear code base that facilitates auditing. Our audit report is available here.

We’re happy to work with one of the most respected organizations in the blockchain world, and thank IOHK for trusting us. We also thank the Mantis developers, who promptly respond to our requests and thoroughly investigated possible mitigations.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s