Security Audit
Ergo has successfully passed a security audit of its most critical code components. The audit was performed by Jean-Philippe Aumasson (veorq), a renowned cryptographer.
No critical issues were found. The report's key comments and recommendations are summarized below for transparency.
Summary
- The audit covered: Sigma protocol proofs, wallet secret storage, and Proof-of-Work validation.
- No critical vulnerabilities were found.
- Recommendations were made for password policies and parameter validation.
Sigma Protocol Proofs
The Ergo protocol relies on ErgoScript, a scripting language built around sigma statements (statements provable with Σ-protocols), which can be proven and verified as non-interactive proofs of knowledge. The audit reviewed the implementation for safe encoding and serialization of proofs and for correct verification logic.
- Reviewed code from SigSerializer, Interpreter, and ProverInterpreter.
- No security issues identified in proof creation or verification.
- Scala's memory safety rules out bug classes such as buffer overflows, but unhandled errors and exceptions (for example while decoding untrusted input) still need attention.
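To make the proof-and-verify flow above concrete, here is an added example of a non-interactive proof of knowledge of a discrete logarithm (Schnorr with a Fiat-Shamir challenge), including the input validation a verifier must do before touching any group arithmetic. This is illustrative code written for this page, not Ergo's sigma-protocol implementation: it uses the P-256 curve because it ships with Go's standard library, whereas Ergo's protocols and serialization formats are its own.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Curve for the example. P-256 is used only because it is in the Go standard
// library; Ergo's sigma protocols use secp256k1 and their own serialization,
// neither of which this example reproduces.
var curve = elliptic.P256()

// Proof is a non-interactive Schnorr proof of knowledge of x with pk = x*G:
// a commitment a = r*G and a response z = r + e*x mod n. The challenge e is
// recomputed by the verifier from (pk, a), so it is not transmitted.
type Proof struct {
	AX, AY *big.Int // commitment point a
	Z      *big.Int // response
}

// challenge is the Fiat-Shamir hash. It binds the statement (pk) and the
// commitment (a); leaving pk out would let a proof be replayed against another key.
func challenge(pkX, pkY, aX, aY *big.Int) *big.Int {
	h := sha256.New()
	h.Write(elliptic.Marshal(curve, pkX, pkY))
	h.Write(elliptic.Marshal(curve, aX, aY))
	e := new(big.Int).SetBytes(h.Sum(nil))
	return e.Mod(e, curve.Params().N)
}

// Prove returns the public key for secret x together with a proof of knowledge of x.
func Prove(x *big.Int) (pkX, pkY *big.Int, p Proof, err error) {
	n := curve.Params().N
	if x.Sign() <= 0 || x.Cmp(n) >= 0 {
		return nil, nil, Proof{}, fmt.Errorf("secret out of range")
	}
	pkX, pkY = curve.ScalarBaseMult(x.Bytes())
	r, err := rand.Int(rand.Reader, n) // fresh randomness per proof; reuse leaks x
	if err != nil {
		return nil, nil, Proof{}, err
	}
	aX, aY := curve.ScalarBaseMult(r.Bytes())
	e := challenge(pkX, pkY, aX, aY)
	z := new(big.Int).Mul(e, x)
	z.Add(z, r).Mod(z, n)
	return pkX, pkY, Proof{aX, aY, z}, nil
}

// Verify checks z*G == a + e*pk. Every decoded value is validated before any
// group operation: nil fields, points off the curve and out-of-range scalars
// are rejected instead of being passed to the arithmetic (crypto/elliptic
// panics on off-curve points, which in a node would be an unhandled error).
func Verify(pkX, pkY *big.Int, p Proof) bool {
	n := curve.Params().N
	if pkX == nil || pkY == nil || p.AX == nil || p.AY == nil || p.Z == nil {
		return false
	}
	if !curve.IsOnCurve(pkX, pkY) || !curve.IsOnCurve(p.AX, p.AY) {
		return false
	}
	if p.Z.Sign() < 0 || p.Z.Cmp(n) >= 0 {
		return false
	}
	e := challenge(pkX, pkY, p.AX, p.AY)
	lX, lY := curve.ScalarBaseMult(p.Z.Bytes())
	eX, eY := curve.ScalarMult(pkX, pkY, e.Bytes())
	rX, rY := curve.Add(p.AX, p.AY, eX, eY)
	return lX.Cmp(rX) == 0 && lY.Cmp(rY) == 0
}

func main() {
	x, _ := rand.Int(rand.Reader, curve.Params().N)
	pkX, pkY, p, err := Prove(x)
	if err != nil {
		panic(err)
	}
	fmt.Println("valid proof accepted:", Verify(pkX, pkY, p))
	p.Z.Add(p.Z, big.NewInt(1)) // tamper with the response
	fmt.Println("tampered proof accepted:", Verify(pkX, pkY, p))
}
```

The checks at the top of Verify are the part that corresponds to the audit's focus on safe decoding: a verifier that does arithmetic on whatever bytes it was handed turns a malformed proof into a crash or an undefined result, while one that validates first simply returns false.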
Wallet
The audit reviewed wallet secret storage and recovery, focusing on entropy generation, BIP39 mnemonic, and AES-GCM encryption. Two main risks were identified:
- Password length: no minimum is enforced. Recommendation: require at least 16 characters.
- Memory safety: secret values may remain in memory after use because cleanup depends on garbage collection. This is a limitation of Scala on the JVM and of most managed-memory languages.
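The following added example shows the two wallet recommendations in working code: a password check that enforces the 16-character minimum, and password-based AES-GCM encryption of a wallet secret with a best-effort wipe of the derived key afterwards. It is not Ergo's wallet code. The key-derivation function (PBKDF2-HMAC-SHA256), the iteration count, salt size and on-disk layout are assumptions chosen for the example, written out with only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"unicode/utf8"
)

// Parameters are illustrative, not Ergo's wallet settings.
const (
	MinPasswordChars = 16     // minimum recommended by the audit
	KDFIterations    = 100000 // PBKDF2 work factor (assumed)
	KeyLen           = 32     // AES-256
	SaltLen          = 16
)

// CheckPassword enforces the minimum length the audit asked for. It counts
// code points rather than bytes so multi-byte characters are not over-counted.
func CheckPassword(pw string) error {
	if utf8.RuneCountInString(pw) < MinPasswordChars {
		return fmt.Errorf("password must be at least %d characters", MinPasswordChars)
	}
	return nil
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	mac := hmac.New(sha256.New, password)
	out := make([]byte, 0, dkLen)
	for block := uint32(1); len(out) < dkLen; block++ {
		mac.Reset()
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...) // T_i = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// zero overwrites a buffer once it is no longer needed. In Go this clears the
// backing array, but the password string itself and any copies the runtime
// made are out of reach; on the JVM (Scala) garbage collection makes this
// best effort at most, which is the limitation the audit points out.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func newGCM(password string, salt []byte) (cipher.AEAD, error) {
	key := pbkdf2SHA256([]byte(password), salt, KDFIterations, KeyLen)
	defer zero(key) // aes.NewCipher keeps its own key schedule; the raw key can go
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSecret seals a wallet secret (e.g. the BIP39 seed) under a password.
// Result layout: salt || nonce || ciphertext || GCM tag. The salt is also
// bound as associated data so it cannot be swapped without detection.
func EncryptSecret(secret []byte, password string) ([]byte, error) {
	if err := CheckPassword(password); err != nil {
		return nil, err
	}
	salt := make([]byte, SaltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per encryption; never reused under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := append(append([]byte{}, salt...), nonce...)
	return gcm.Seal(blob, nonce, secret, salt), nil
}

// DecryptSecret reverses EncryptSecret; a wrong password or any tampering
// fails GCM authentication and returns an error instead of plaintext.
func DecryptSecret(blob []byte, password string) ([]byte, error) {
	if len(blob) < SaltLen {
		return nil, errors.New("ciphertext too short")
	}
	salt := blob[:SaltLen]
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	rest := blob[SaltLen:]
	if len(rest) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := rest[:gcm.NonceSize()], rest[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, salt)
}

func main() {
	secret := []byte("constructed wallet seed, not a real one") // sample input
	if _, err := EncryptSecret(secret, "tooshort"); err != nil {
		fmt.Println("rejected:", err)
	}
	blob, _ := EncryptSecret(secret, "correct horse battery staple")
	got, err := DecryptSecret(blob, "correct horse battery staple")
	fmt.Printf("decrypted %q (err=%v)\n", got, err)
}
```

Enforcing the minimum inside EncryptSecret, not only in the UI, is what makes the recommendation stick: every code path that can write an encrypted secret goes through the same check.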
Proof-of-Work Validation
The audit reviewed the latest Autolykos PoW verification logic, ensuring it matches the protocol specification and is properly integrated into block header validation.
- Stricter validation of the k and n parameters was recommended; in particular, assert that both are positive before they are used.
- Because k and n are consensus parameters, changing them requires a new network or a protocol fork.