.png)
.svg)
Summary
The most critical subjects covered in our review are protocol correctness and network security. Security regarding protocol correctness is high. Network security is improvable, see Insecure TLS Default Configuration.
The general subjects covered are behavior in the presence of malicious nodes and denial-of-service vectors. Security regarding all the aforementioned subjects is good. Functionality issues may arise in the presence of malicious nodes, see Crash by Malicious Operator and Ignored DKG Phases. Plausible denial-of-service vectors have been found, see Denial of Service via Spam.
In summary, we find that the codebase provides a good level of security.
It is important to note that security reviews are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About SSV Labs
SSV Labs implements a distributed key generation tool to enable the creation of threshold keypairs for Ethereum validators.