IOHK is an engineering company that builds cryptocurrencies and blockchains for academic institutions, government entities, and corporations. Major projects of IOHK are Ethereum Classic, the Daedalus wallet, and the Cardano platform.
IOHK hired Kudelski Security to perform a security assessment of the Icarus Cardano wallet, providing access to source code, documentation, and review guidelines including references to the most critical components. The repositories concerned are https://github.com/input-output-hk/rust-cardano/ and https://github.com/input-output-hk/js-cardano-wasm as well as private git repositories including the front-end and backend-end code.
Today we publish our audit report, which includes 3 low-severity issues and 11 observations related to general code safety. Furthermore, other issues discovered during the engagement are omitted from this report, because we found out that they affect other applications than IOHK’s Icarus wallet. These issues will be described in a future version of the report.
We thank IOHK for trusting us again, and for making our work easier by preparing architecture and scope description documents for this audit.