Report

NCC Group Security Audit Results of Coda Protocol

This spring, Coda Protocol concluded a security audit conducted by NCC Group, one of the world's leading cyber security service providers, to ensure the security and strength of our protocol.

This spring, Coda Protocol concluded a security audit conducted by NCC Group, one of the world’s leading cyber security service providers, to ensure the security and strength of our protocol. We are pleased to be able to share the report.

Based on NCC Group’s audit, no critical or major issues were found, and the common cryptographic issues uncovered have since been fixed.

The scope of NCC Group’s evaluation included review of the following components:

  • Overall Protocol Review
  • Blockchain and Transaction SNARKs
  • Compilation of Snarky to Rank-1 Constraint System (R1CS)
  • Implementations of Snarky Primitives
  • Elliptic Curves and Generators
  • Ledger HW Wallet Implementation

The common cryptographic flaws pointed out by NCC Group are:

  • Potential mishandling of point addition edge cases, which could result in provers being forced to create invalid proofs.
  • In computers that used a legacy C++ standard library or could not access cryptographically-secure pseudorandom number generators, Schnorr secret key values are generated such that attackers with knowledge of the underlying system would likely be able to predict the secret.

Be sure to check out the report for a more detailed overview of findings and our team’s response.

More from our Blog

SEE ALL POSTS
Retro / 2024-03-21 / Vitor Silva
Upgrade Mechanism Testing Retrospective
Track 3 allowed for the testing of various loads and helped uncover issues which have since been resolved. As a result, an optimal configuration was identified, and the release candidate for the Mainnet Upgrade is ready.
Read more
Learn / 2024-03-15 / Will Cove
Introducing ‘httpz’: the internet you can trust
Read more
Community, Events / 2024-03-13 / Mina Protocol
BUIDL with Mina Protocol at ETH Seoul 2024
Read more
Announcement / 2024-03-12 / Mina Foundation
zkIgnite, Cohort 3 Funded Projects
Read more

О технологии

AboutTechCta

Mina использует передовую криптографию и рекурсивные zk-SNARKs для обеспечения полной децентрализации при масштабировании.

Начните работу

GetStartedCta

С Mina вы сможете легко подключить ноду, присоединиться к сообществу и участвовать в его развитии.