This spring, Coda Protocol concluded a security audit conducted by NCC Group, one of the world’s leading cyber security service providers, to ensure the security and strength of our protocol. We are pleased to be able to share the report.
Based on NCC Group’s audit, no critical or major issues were found, and the common cryptographic issues uncovered have since been fixed.
The scope of NCC Group’s evaluation included review of the following components:
- Overall Protocol Review
- Blockchain and Transaction SNARKs
- Compilation of Snarky to Rank-1 Constraint System (R1CS)
- Implementations of Snarky Primitives
- Elliptic Curves and Generators
- Ledger HW Wallet Implementation
The common cryptographic flaws pointed out by NCC Group are:
- Potential mishandling of point addition edge cases, which could result in provers being forced to create invalid proofs.
- In computers that used a legacy C++ standard library or could not access cryptographically-secure pseudorandom number generators, Schnorr secret key values are generated such that attackers with knowledge of the underlying system would likely be able to predict the secret.
Be sure to check out the report for a more detailed overview of findings and our team’s response.
About Mina Protocol
Mina is the world’s lightest blockchain, powered by participants. Rather than apply brute computing force, Mina uses advanced cryptography and recursive zk-SNARKs to design an entire blockchain that is about 22kb, the size of a couple of tweets. It is the first layer-1 to enable efficient implementation and easy programmability of zero knowledge smart contracts (zkApps). With its unique privacy features and ability to connect to any website, Mina is building a private gateway between the real world and crypto—and the secure, democratic future we all deserve.