Beam-mw is a confidential cryptocurrency based on the MimbleWimble protocol, which is MimbleWimble is a cryptographic construction based on the Pedersen commitments and elliptic-curve cryptography.
Beam-mw provides for confidential transactions, transaction cut-through, and notably uses range proofs based on the bulletproofs construction.
Beam hired Kudelski Security to perform a security assessment of their protocol implementation, providing access to source code and documentation.
As agreed with Beam-mw, we publish our audit report, which describes 2 medium-severity issues (both fixed), 7 low-severity ones (of which 3 did not require any change, after analysis with the developers), and 10 observations related to general code safety.
We’d like to thank Beam-mw for trusting us, for their flexibility, and their availability to answer our questions and to provide feedback on our findings.