The Bitcoin network’s software has passed its first real security audit.
For four months, researchers from cybersecurity firm Quarkslab delved into the code of Bitcoin Core, the most widely used software for the Bitcoin network, with the goal of discovering vulnerabilities. Read their findings below.
Security Audit of Bitcoin Core #
In total, three cybersecurity experts from Quarkslab spent about 100 working days on the audit.
The approach combined manual code inspection with advanced and automated tests, attempting to overwhelm the software with large amounts of unexpected or erroneous data — a technique known in technical terms as ‘fuzzing’.
The audit was funded by the non-profit organization Brink and coordinated by the Open Source Technology Improvement Fund (OSTIF). The audit report was published on Wednesday. It is the first real public security audit of the software, according to Brink in a blogpost:
“This work represents the first public third-party audit of Bitcoin Core.”
The goal was not to give Bitcoin Core an official security label, Brink explains, but to identify vulnerabilities and potential improvements. Brink writes:
“Bitcoin Core is the leading implementation that powers the Bitcoin network and helps secure billions of dollars in value. The more independent, security-focused researchers contribute their own perspectives, the better.”
Successful Audit #
The audit was successfully completed and Quarkslab found no serious problems. The audit report contains only two low-risk findings and thirteen informational recommendations.
According to Quarkslab, none of them pose a serious threat or impact the security of Bitcoin. However, as a result of the audit, the internal test infrastructure of Bitcoin Core has been slightly improved. Quarkslab writes in the report:
“No high-impact issues were found, but marginal improvements were achieved in the existing fuzzing harnesses, and new variants were added to cover untested scenarios, such as chain reorganizations.”
The successful completion of the audit aligns with the prevailing opinion on Bitcoin’s security. The network has never been successfully attacked and has an uptime of 99.99 percent.
Additionally, the cryptography has never been broken. However, there are increasing concerns about the advent of quantum computers and how they could pose a potential security risk.