Executive Summary

The privEOS system from Slant Ltd. has undergone a security audit performed by the german pentesting company Cure53. No security vulnerabilities could be found, validating Slant’s development practices. If you are interested in the details, here is the link to the full audit report.

“After spending twelve days on the scope in July 2019, four members of the Cure53 team confirm that the Slant privEOS system is mostly vulnerability-free.“
-- Cure53’s Audit Report

What is a security audit?

For a privacy protocol like privEOS, information and data security is of utmost importance. That’s why Slant has taken a security-first approach while designing and building the various components that make up privEOS. It’s important to have Slant’s work checked by independent security experts to analyse and to test security characteristics of the privEOS code and architecture.

What was the result?

Slant is extremely pleased that no security vulnerabilities were found in privEOS. Its cryptographic protocol was found to be sound and properly implemented. The server-side software is securely implemented and does not contain any security holes.

PrivEOS uses the native EOS functionality for encryption. To that end, it relies on the eosjs-ecc library by block.one. Before the external security audit, during its internal review of that library, the team discovered that eosjs-ecc was not using properly authenticated encryption. Therefore, Slant started its own fork of that library, eosjs-ecc-priveos, fixing the broken cryptography by replacing the insecure use of AES-CBC with tweetnacl-js. During the audit, it was confirmed that Slant’s fork fixes the problems in the original eosjs-ecc library. After conferring with Cure53’s cryptographer, the team additionally removed eosjs-ecc’s homegrown authentication tag as it was needlessly producing hashes of the shared secret. Slant published a pull request offering to merge our security changes back into the original eosjs-ecc library which, to this date, sadly has not yet been accepted. Slant urges everyone not to use the original eosjs-ecc library but Slant’s fork of it, eosjs-ecc-priveos, instead.

The third-party library secrets.js, which privEOS is relying on for the shamir secret sharing algorithm, was checked as part of this audit and found to be secure.

The audit team correctly documented that the privEOS NodeJS services did not implement any per-IP rate-limiting. Slant did not consider rate-limiting part of the concern of the NodeJS services as they are always running behind an HTTP load-balancer. The load-balancer, firewall or general data center environment is the correct place to implement protection against (distributed) denial of service attacks. However, to make the privEOS services more difficult to misconfigure, Slant added per-IP rate limiting to the NodeJS services as well as per the suggestion of the audit team.

Who performed the security audit?

After evaluating a couple of security companies for privEOS audit, the choice fell on the german pentesting company Cure53 which has previous experience with EOS and other blockchains as well as great expertise in the area of cryptography. The whole team of Slant thanks the experts at Cure53 for their excellent work!

What was tested?

The privEOS system consists of several systems that interact together. There is the EOS Smart Contract written in C++ as well as the server-side software that is run by the privEOS service providers. This server-side software consists of a number of subsystems that are all implemented using NodeJS that all needed to be checked. Lastly, privEOS is greatly depending on two third-party libraries that implement the cryptographic primitives privEOS relies on. Slant decided to include these two third-party libraries, eosjs-ecc and secrets.js, into the scope of the audit. It is great to know that the most important third-party libraries have been checked as well.