IOHK has announced that it has resolved 11 new vulnerabilities in the Cardano blockchain, specifically in Byron, which is ready to be upgraded to Shelley to integrate Proof of Stake.
The Cardano blockchain is evolving very quickly and aims to integrate PoS. The project is still in the testing phase thanks to the ITN (Incentivized Testnet), but it is already possible to earn money by participating in the test.
The test phase is now in its infancy and has already achieved results beyond all expectations, which means that it will soon have to migrate from Byron to Shelley.
The company root9b carried out an audit of the blockchain, and 11 vulnerabilities were reported, which IOHK soon resolved.
Charles Hoskinson himself pointed out that transparency must be a major strength:
“It is vital that the blockchain industry lives up to its own vision of open and decentralised systems when it comes to the process of building blockchains. Companies must not prioritise secrecy and speed to market over security because vast sums of money and even lives will depend on the software we produce. The industry must open its software development up to third-party audit and share knowledge of vulnerabilities for the benefit of the wider industry as well as user confidence. In this spirit, we chose to commission a third-party audit of the Byron Reboot of Cardano and to publicly disclose the vulnerabilities we found and the fixes we applied.”
The vulnerabilities found in the audit and subsequently resolved included the use of the Genesis Key Generation intended for testing; the code has since been altered so that this component of the mainnet is not compromised.
Another issue found and then fixed by IOHK related to potential resource usage and the risk of Denial of Service (DoS) attacks. As for the incomplete protocol on the node side, IOHK specified that the code was used only for the test phase and will not be used later.
As far as the wallet is concerned, there is a security problem that requires the use of a CSP configuration; another problem is that the connection and password transmission rely on TLS, but in this case the release of Blake hashing is already planned.
All the points have been resolved or mitigated, and most of them will be resolved with the migration to Shelley, which will make the previous vulnerabilities obsolete and no longer exploitable by criminals attempting to bring down the Cardano (ADA) network.
Only wallets compatible with BECH32 will be able to delegate and vote; previous wallets can be migrated by following a simple guide, which involves creating a new wallet and saving the 15 keywords.
For the ITN rewards, a snapshot will be taken once Shelley is launched, and it will then be possible to claim the rewards through the wallet. Furthermore, new firmware will be released for the paper wallet and the hardware wallet.