IOHK Releases Cardano’s Byron Reboot Third-Party Security Audit; 11 Vulnerabilities Found

  • IOHK publishes potential vulnerabilities that are successfully resolved “to spur greater transparency and security across the industry.”
  • Cardano has released the latest version of Daedalus which is the mainnet wallet for Cardano and is faster with several improvements.

Just before entering into this month, Cardano went live with its Byron Reboot, in preparation for its transition to the Shelley mainnet.

The Reboot that took 18 months to complete was made “from scratch” and included a series of updates to the Cardano network — the node, explorer, and Daedalus wallet backend. The new design as explained by IOHK, was

“modular, separating the ledger, consensus, and network components of the node, allowing anyone of them to be changed, tweaked, and upgraded without affecting the others.”

In Cardano’s aim to maximize decentralization on its network, the Byron reboot was one step which in itself wasn’t an event but more of a process.

Now, IOHK has published 11 potential vulnerabilities uncovered and successfully resolved as well during Phase 1 and 2 of the third-party audit of the Byron Reboot “to spur greater transparency and security across the industry.”

“It is vital that the blockchain industry lives up to its own vision of open and decentralized systems when it comes to the process of building blockchains,” said Cardano creator and CEO of IOHK Charles Hoskinson.

“Companies must not prioritize secrecy and speed to market over security because vast sums of money and even lives will depend on the software we produce.”

Potential vulnerabilities successfully resolved

As of April 20, 2020, the cybersecurity company root9B (R9B) found insecure Genesis Key Generation which has now been rectified by altering the code to use secure key generation.

Just like with genesis key generation, it was found the potential protocol incompletion and primitive usage of mock crypto was only for testing and not for production use, with real implementation forthcoming.

For code practice and potential resource usage/denial of Service (DoS), R9B confirms the changes fully address issues 2, 3, and 4.

When it comes to ADA wallet, Daedalus has been fully upgraded to the Byron Reboot Era and is now up for download, tweeted Hoskinson.

The brand new Daedalus is the mainnet wallet for Cardano. Built on the new Haskell codebase, this version brings advancements in stability, reliability, and performance along with improvements in connection, blockchain synchronization & wallet restoration speed, as well as reduced memory usage, shared IOHK.

Root98 found weakened protection – CSP in Electron App but this configuration is used by IOHK until Chrome can evaluate WASM without it.

Also, Blake hash function was performed only once when applying a spending password, IOHK confirmed, “Daedalus frontend to Cardano wallet backend connection relies on TLS for password security in transmission and plans to phase out Blake hashing.”

IOHK is further planning to heed the potential future issue with payment URI for code that may encounter it and to replace the update process with a new one to be released in April 2020.

R9B has also accepted the resolution that addresses randomization is for port conflict-avoidance and that IOHK has removed the exposed surface including disabling the Monitoring Web Frontend in the configuration.

Lastly, the theoretical Denial of Service (DoS) vulnerability is expected to be fully resolved by the Ouroboros Praos private slot-leader schedule (Shelley).

Cardano (ADA) Live Price

1 ADA/USD =$0.3424 change ~ 0.66%

Coin Market Cap

$11.89 Billion

24 Hour Volume

$113.21 Million

24 Hour VWAP


24 Hour Change


Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide