Code Audits
Continued code reviews and audits are important for the security of Grin. As such, we highly encourage interested security researchers to:
- Review our code, even if no contributions are planned.
- Publish their findings in accordance with our responsible disclosure standard, even if no particular bug or vulnerability was found. We can all learn from new sets of eyes and benefit from increased scrutiny. While we may disagree with some small points of design or trade-offs, we will always do so respectfully.
All code review and audit contributions are welcome, regardless of the depth or area of the review or the background of the contributor. Many contributions from many different perspectives can help ensure long-term security for the Grin codebase.
A complete list of PGP keys, canaries, CVEs and audits can be found in the grin-security repository.
Past Audits
| Audit | Results |
|---|---|
| JP Aumasson, secp256k1 extensions | report - status |
| Coinspect, code audit v1.0.1 | report - status |
| Nym Seddon, code audit v4.0.0 | report - status |