Public Reports

Audit of TzBTC for the Tezos Foundation

On Apr 8, 2020

Overview The Tezos Foundation requested that Least Authority perform a security audit of TzBTC, a BTC-backed token on Tezos. TzBTC enables the compliant issuance of a fully Bitcoin-backed token on the Tezos blockchain while aiming to eradicate the risks of a single-point-of-failure. This is achieved by dividing the various tasks into keyholders that are responsible […]

Audit of MetaMask Plugin System + LavaMoat

On Mar 24, 2020

Overview ConsenSys AG has requested that Least Authority perform a security audit of MetaMask, a browser extension that enables interaction with applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets.  The following components were […]

Ethereum 2.0 Specifications

and On Mar 19, 2020

The Least Authority team recently completed our audit of the Ethereum 2.0 Specifications. Read our full report here.  Ethereum 2.0 will be a significant network upgrade and is set to take place in 3 distinct phases—Phase 0: Beacon Chain, Phase 1: Shard Chains, and Phase 2: Execution Environments. It is one of the first Proof […]

Tagged In

Audit of MetaMask Permissions System + CapNode

On Dec 18, 2019

Overview ConsenSys AG has requested that Least Authority perform a security audit of MetaMask, a browser extension that enables interaction with applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets. The following components were […]

Our Audit of Ethereum Foundation’s Node Discovery Protocol

On Nov 26, 2019

This summer, Least Authority was hired to audit the Ethereum 2.0 node discovery protocol. We enjoyed diving into the protocol, and found some issues that were really interesting to model and test. Read the full report here.  Proof of Identity The audit went smoothly and we were able to quickly grok the protocol the Ethereum […]

Tagged In

Audit of the Nervos Network

On Oct 31, 2019

Nervos has requested that Least Authority perform a security audit of the Nervos Network, an open source multi-asset, Proof of Work blockchain, featuring a novel consensus scheme called NC-Max. Nervos is a decentralized application network consisting of a layered architecture, including the layer 1 protocol known as CKB (Common Knowledge Base), the foundational layer of […]

Audit of Ethereum Foundation’s Node Discovery Protocol

On Oct 29, 2019

The Ethereum Foundation requested that Least Authority perform a security audit of the next generation Node Discovery Protocol being developed for the Ethereum P2P network stack. The following components were considered in scope:  Node Discovery Protocol v5 – Specification Node Discovery Protocol v5 – Theory Node Discovery Protocol v5 – Wire Protocol   Our final […]

All Published Audits

On Oct 29, 2019

Tezos Foundation’s TzBTC, March 2020 (report) Ethereum Foundation’s Ethereum 2.0 Specifications, March 2020 (report) ConsenSys AG’s MetaMask Plugin System + LavaMoat, March 2020 (report) ConsenSys AG’s MetaMask Permissions System + CapNode, December 2019 (report) Ethereum Foundation’s Node Discovery Protocol, October 2019 (report) Nervos Network, October 2019 (report) ProgPoW Algorithm, September 2019 (report) Blockstack Stacks Investor […]

Tagged In

Audit of ProgPoW Algorithm

On Sep 10, 2019

Ethereum Cat Herders, Ethereum Foundation, and Bitfly have requested that Least Authority perform a security audit of ProgPow, a Programmatic Proof-of-Work (PoW) algorithm to replac Ethash — in order to verify the security of the algorithm and provide clear metrics about its performance. This audit is part of the overall effort to examine ProgPow in […]

Least Authority Audits MetaMask’s Mobile App

On Jun 20, 2019

Least Authority conducted a security audit of the MetaMask mobile application, a wallet and developer tool for applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets. The mobile application is built in React Native within a single codebase for both iOS and Android platforms. MetaMask previously built and released a web extension providing the…