Minimal scope for security audit #20
Comments
|
I'll contact all the audit companies with this reduced scope and get bids. |
|
@ignopeverell can you add wallet crate to this? IIRC we said that would also be included. |
|
fixed, and audit is underway. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a first pass at detailing what could encompass a minimum but still reasonable audit scope. This would focus on cryptographic and consensus-critical code.
Diff between our version of rust-secp256k1 and upstream.Diff between our version of libsecp256k1 and upstream.If it helps I can produce the diffs for the first 2 points and count the LoC, but overall this shouldn't be that much code.
/cc @Catheryne
Edit: since the 2 first items have been reviewed by JP Aumasson, a full audit on them has become far less pressing. The last 3 items remain important however.
The text was updated successfully, but these errors were encountered: