Alephium is committed to building and delivering a secure and reliable blockchain. With that in mind, we have recently completed a security assessment of critical parts of our code. This assessment was conducted by Inference and specifically covered:
- Cryptographic Primitives in https://github.com/alephium/alephium/tree/master/crypto/src/main/scala/org/alephium/crypto/, including AES, BLAKE2b, BLAKE3, Ed25519, BIP32 key derivation, and other algorithms;
- Serialization in https://github.com/alephium/alephium/tree/master/serde/src/main/scala/org/alephium/serde/;
- Proof of Less Work — our consensus mechanism (this article explains it in detail);
- Mining operations in https://github.com/alephium/alephium/tree/master/protocol/src/main/scala/org/alephium/protocol/mining/ (especially Emission.scala);
- Difficulty adjustment in https://github.com/alephium/alephium/blob/master/flow/src/main/scala/org/alephium/flow/core/ (mainly ChainDifficultyAdjustment.scala);
- Node Wallet (take a look here for the definition): wallet code in https://github.com/alephium/alephium/tree/master/wallet/src/main/scala/org/alephium/wallet/, with a focus on the secret's storage (in storage/SecretStorage.scala).
We are happy to share that no critical flaws were found in our code for the covered topics. We thank Inference for their professionalism and their precise analysis. Our development team analyzed the recommendations given by Inference, and we have a pending PR to address them.
You can find the report on their website: https://inference.ag/blog/2022-10-09-alephium/
Our code is publicly available at https://github.com/alephium
And you can find us on Twitter, Discord, Telegram, or Reddit!
