BTC Staking Tools - Coredao


Prepared by:

HALBORN

Date of Engagement: November 11th, 2024 - November 15th, 2024

Summary

100% of all REPORTED Findings have been addressed

All findings: 2
Critical: 0
High: 0
Medium: 0
Low: 0
Informational: 2


1. Introduction

CoreDAO engaged Halborn to perform a security assessment of their BTC Staking tools from Nov. 11, 2024, to Nov. 15, 2024. The assessment focused on the specific codebase listed in the provided GitHub repository and included relevant commit hashes. More details can be found in the Scope section of this report.

2. Assessment Summary

The Halborn team was allocated one week for the engagement and assigned a full-time security engineer to assess the security of the crates and the overall codebase. The security engineer is an expert in blockchain and smart contract security, with advanced skills in penetration testing and smart contract auditing, as well as extensive knowledge of various blockchain protocols.

3. Scope

REPOSITORY
(a) Repository: btc-staking-tool
(b) Assessed Commit ID: 2855ab4
(c) Items in scope:
  • ./index.ts
  • ./src/script.ts
  • ./src/constant.ts
Out-of-Scope: New features/implementations after the remediation commit IDs.

4. Findings Overview

Security analysis | Risk level | Remediation
Insecure Handling of Private Key | Informational | Solved - 11/26/2024
Inconsistent Network Validation Logic | Informational | Solved - 11/26/2024

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

© Halborn 2025. All rights reserved.