Audit report of IOHK’s Icarus wallet

IOHK is an engineering company that builds cryptocurrencies and blockchains for academic institutions, government entities, and corporations. Major projects of IOHK are Ethereum Classic, the Daedalus wallet, and the Cardano platform.

IOHK hired Kudelski Security to perform a security assessment of the Icarus Cardano wallet, providing access to source code, documentation, and review guidelines including references to the most critical components. The repositories concerned are https://github.com/input-output-hk/rust-cardano/ and https://github.com/input-output-hk/js-cardano-wasm as well as private git repositories including the front-end and back-end code.

Today we publish our audit report, which includes 3 low-severity issues and 11 observations related to general code safety. Other issues discovered during the engagement are omitted from this report because we found that they affect applications other than IOHK’s Icarus wallet. These issues will be described in a future version of the report.

We thank IOHK for trusting us again, and for making our work easier by preparing architecture and scope description documents for this audit.
