Audit of the Nervos Network

Nervos has requested that Least Authority perform a security audit of the Nervos Network, an open
source multi-asset, Proof of Work blockchain, featuring a novel consensus scheme called NC-Max.
Nervos is a decentralized application network consisting of a layered architecture, including the layer 1
protocol known as CKB (Common Knowledge Base), the foundational layer of the Nervos Network, in
addition to the layer 2 protocols and scaling solutions.

The following components were considered in scope:

  1. Consensus
    ○ NC-Max (a variation of the Nakamoto consensus)
    ○ PoW hash function, Eaglesong
    ○ Block verification logic
  2. Transaction
    ○ Token transfer
    ○ Transaction fee
  3. Economic Model
    ○ New token issuance
    ○ NervosDAO
  4. Smart Contract
    ○ CKB-VM
  5. Communication
    ○ P2P protocol / implementation
    ○ Serialization / deserialization
    ○ Eclipse attacks
    ○ RPC implementation


Our final audit report was completed on October 18th, 2019.