Skip to content

Commit 85b3410

Browse files
notmandatorynotmandatory
committed
blog: add 2024 code audit
1 parent d07b506 commit 85b3410

File tree

1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

docs/_blog/2024_code_audit.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
2+
title: "2024 Code Audit"
3+
description: "2024 Code Audit by Wizardsardine"
4+
authors:
5+
- Steve Myers
6+
date: "2024-12-03"
7+
tags: ["BDK", "project"]
8+
9+
== draft: false
10+
11+
A heartfelt thank you to our friends at [Spiral](https://spiral.xyz/) for sponsoring a code audit of the current `bdk` 1.0.0-beta Rust codebase. Given the size and scope of the BDK project, this audit should be considered a partial review. The effort was led by [Antoine Poinsot](https://gist.github.com/darosior) from [Wizardsardine](https://wizardsardine.com/), who provided valuable recommendations for the BDK team. You can find the full report [here](https://gist.github.com/darosior/4aeb9512d7f1ac7666abc317d6f9453b).
12+
13+
As outlined in Antoine's report, the audit's primary focus was to review the core components that constitute a BDK-based wallet, particularly the new methods for managing and synchronizing chain data. Some reasonable simplifying assumptions were made, such as trusting that the Electrum or Esplora servers to which BDK wallets connect are not malicious. However, a certain level of trust will always be necessary for these two common light client protocols.
14+
15+
While no critical defects were identified, a potential denial of service/performance issue was uncovered, along with several opportunities to enhance the code's fault tolerance. The team is currently addressing the performance issue, as well as some of the more straightforward recommendations. All suggested improvements have been [added to our issues backlog](https://github.com/bitcoindevkit/bdk/issues?q=is%3Aissue+label%3Aaudit) for future releases.
16+
17+
If you are a user or potential user of BDK, or a Bitcoin Rust developer, we would love to hear your feedback. Please reach out on the [BDK Discord](https://discord.gg/dstn4dQ) or comment on individual [issues on GitHub](https://github.com/bitcoindevkit/bdk/issues?q=is%3Aissue+is%3Aopen). As a fully free and open-source project, the BDK team relies on YOU our community of users and contributors to help us create the best Bitcoin wallet library possible.

0 commit comments

Comments
 (0)