Audit of Gossipsub v1.1 Protocol Design + Implementation for Protocol Labs

Introduction: In early June, our team completed a thorough and comprehensive review of the Gossipsub v1.1 protocol design and implementation for Protocol Labs. This security audit was particularly interesting as v1.1 brings with it a series of notable and important updates that weren’t present in v1.0, including efforts to harden and increase the security …


Audit of the Centrifuge Chain

Overview: Centrifuge has requested that Least Authority perform a security audit of the Centrifuge Chain, a Parity Substrate-based, purpose-specific chain. The Centrifuge Chain is a Proof of Stake chain with block rewards, bridged to Ethereum as its first external network. Our final audit report was completed on April 3, 2020.

Audit of BTG Pactual’s ReitBZ Token + Management Dashboard for the Tezos Foundation

In preparation for the launch of the BTG Pactual ReitBZ token on Tezos, Least Authority reviewed the ReitBZ Security Token and Token Management Dashboard, delivering a final report on March 13, 2020. The ReitBZ Security Token is a real estate-backed token implemented with a smart contract using the FA1.2 standard interface, including additional functions …


Audit of Centrifuge’s Tinlake Contracts + Actions

Overview: Centrifuge has requested that Least Authority perform a security audit of their Tinlake Platform, a smart contracts framework on Ethereum that enables borrowers to draw loans against non-fungible assets. Any assets represented on-chain as Non-Fungible Tokens (NFTs) are financed by issuing an ERC-20 token against all of the collateral NFTs that are deposited into …


Using ZKAPs to Disconnect Payment Data from Service Data

A note from the team: we’re continually looking for possible applications of ZKAPs in a variety of scenarios. If there is a product or project you’re working on that you would like to test ZKAPs with, don’t hesitate to get in touch!

Last month, our team, the Least Authoritarians, gave two presentations on ZKAPs—zero-knowledge access …


Audit of ChainSafe Utility Libraries

Overview: ChainSafe has requested that Least Authority perform a security audit of their Lodestar utility libraries. Lodestar is an Ethereum 2.0 implementation of the Beacon Chain. The following utility libraries are considered in scope:

- Persistent Merkle Tree: https://github.com/chainsafe/persistent-merkle-tree
- BLS key derivation and hd key utilities: https://github.com/ChainSafe/bls-hd-key
- Key management for BLS curves: https://github.com/ChainSafe/bls-keygen
- BLS key store: …


Audit of TzBTC for the Tezos Foundation

Overview: The Tezos Foundation requested that Least Authority perform a security audit of TzBTC, a BTC-backed token on Tezos. TzBTC enables the compliant issuance of a fully Bitcoin-backed token on the Tezos blockchain while aiming to eradicate the risks of a single-point-of-failure. This is achieved by dividing the various tasks into keyholders that are responsible …


Audit of MetaMask Plugin System + LavaMoat

Overview: ConsenSys AG has requested that Least Authority perform a security audit of MetaMask, a browser extension that enables interaction with applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets. The following components were …


Ethereum 2.0 Specifications

The Least Authority team recently completed our audit of the Ethereum 2.0 Specifications. Read our full report here. Ethereum 2.0 will be a significant network upgrade and is set to take place in 3 distinct phases—Phase 0: Beacon Chain, Phase 1: Shard Chains, and Phase 2: Execution Environments. It is one of the first Proof …
