Chrysalis: Audit Results
The Chrysalis upgrade is the most significant in IOTA’s history. Every single component of the protocol has been changed throughout Chrysalis phases 1 and 2, including all developer tools, libraries, and our wallet. When dealing with a project of this magnitude, the correct development processes, practices, and testing are critical – in particular, external validation of our development through an audit.
We have employed multiple external parties to audit all critical components of Chrysalis. The components of Chrysalis phase 1 were audited throughout the summer of 2020. The phase 2 audit commenced in January 2021. The following individual audits were performed for Chrysalis phase 2:
- Firefly. A vertical audit was performed by F-Secure. A peripheral audit of wallet.rs, stronghold.rs, iota.rs, and crypto.rs was also performed, though these were not the main focus.
- wallet.rs. wallet.rs is a key component of the stack used by Firefly and exchanges.
- stronghold.rs.
- Chrysalis migration logic and architecture.
- Hornet node software.
- Bee node software.
Today we are publishing the report for our wallet software, Firefly. Note: the software was re-audited after the issues raised by F-Secure had been addressed.
Below are some brief notes on the items that are not marked as “Fixed” in the Firefly audit report:
- [Fix In Progress] Insufficient verification of certificate chains. The affected auto-update feature has been disabled in the release version of Firefly on Windows. A fix is ready and will be included once it has been fully reviewed and tested.
- [Will not be fixed] Weak protections against evil node operators. Firefly allows users to connect to custom nodes. As anyone can operate a node, it is not possible to guarantee that every node returns correct information. This is why we recommend that users either use the default (official) node list or run their own node.
- [Will not be fixed] Isolation of multiple Firefly application users cannot be guaranteed under a single application install. Firefly profiles are intended to be used by one person as a way to separate their funds, or by multiple people in the same family. Profiles are not intended to be used by people who do not know or trust each other.
For all the other audited components, all findings were fixed before the release of Chrysalis.
External auditing is an essential part of software development. These successful audits will give assurances to our partners and provide the IOTA community with peace of mind when developing their own implementations. When we add new features to our various products, we will continue to follow a comprehensive process of internal cross-team review and external re-audit.
There is a wealth of new tooling with Chrysalis and an endless number of use cases. Join the IOTA Discord to get help with your own ideas or to get involved with other community projects. We invite you to build with us and welcome in this new dawn for IOTA.