Blog

Audit of MetaMask Permissions System + CapNode

Overview ConsenSys AG has requested that Least Authority perform a security audit of MetaMask, a browser extension that enables interaction with applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets. The following components were

Read More »

Our Audit of Ethereum Foundation’s Node Discovery Protocol

This summer, Least Authority was hired to audit the Ethereum 2.0 node discovery protocol. We enjoyed diving into the protocol, and found some issues that were really interesting to model and test. Read the full report here.  Proof of Identity The audit went smoothly and we were able to quickly grok the protocol the Ethereum

Read More »

Audit of the Nervos Network

Nervos has requested that Least Authority perform a security audit of the Nervos Network, an open source multi-asset, Proof of Work blockchain, featuring a novel consensus scheme called NC-Max. Nervos is a decentralized application network consisting of a layered architecture, including the layer 1 protocol known as CKB (Common Knowledge Base), the foundational layer of

Read More »

Audit of Ethereum Foundation’s Node Discovery Protocol

The Ethereum Foundation requested that Least Authority perform a security audit of the next generation Node Discovery Protocol being developed for the Ethereum P2P network stack. The following components were considered in scope:  Node Discovery Protocol v5 – Specification Node Discovery Protocol v5 – Theory Node Discovery Protocol v5 – Wire Protocol   Our final

Read More »

Audit of ProgPoW Algorithm

Ethereum Cat Herders, Ethereum Foundation, and Bitfly have requested that Least Authority perform a security audit of ProgPow, a Programmatic Proof-of-Work (PoW) algorithm to replac Ethash — in order to verify the security of the algorithm and provide clear metrics about its performance. This audit is part of the overall effort to examine ProgPow in

Read More »

The Path from S4 to PrivateStorage

In March 2019, Least Authority announced PrivateStorage, our new joint venture with Private Internet Access, a privacy-focused VPN provider, to launch a new secure cloud storage product based on Tahoe-LAFS. Since then, we have been asked questions about how PrivateStorage relates to our currently offered Simple Secure Storage Service (S4), including what will make PrivateStorage

Read More »

Least Authority Audits MetaMask’s Mobile App

Least Authority conducted a security audit of the MetaMask mobile application, a wallet and developer tool for applications built on Ethereum. MetaMask allows users to browse the web and interact with Ethereum applications, sign messages and transactions, and securely manage and store their private keys and assets. The mobile application is built in React Native within a single codebase for both iOS and Android platforms. MetaMask previously built and released a web extension providing the…

Read More »

Audit of Blockstack’s Stacks Investor Wallet

Blockstack has requested Least Authority perform a security audit of the Stacks Wallet, in anticipation of an updated release prior to May 15, 2019. The scope of the audit is focused on a major new feature that will be included in the updated release: allowing users to create a software-only wallet, enabling them to send

Read More »