Status External Audits
This page contains information about all the external audits we have undergone. As we reach major milestones in development, after rounds of internal review and auditing, we reach out to third parties to verify our sanity, and double/triple check the work that we do.
These security audits are not guarantees of security in the projects they pertain to. They are additional checks from objective third parties to help bolster confidence in the security of intended functionality.
As always, if you find a bug or vulnerability in our code, please report it to firstname.lastname@example.org.
Ongoing Security Retainer
Status currently maintains an ongoing retainer contract with Trail of Bits to help with overall security coverage.
Bug Bounty Program
Status currently has a private campaign on the HackerOne platform for bug bounties. We are currently underway to expand this program’s scope and availability post-V1 mobile app release to become public and the de-facto standard method for reporting found vulnerabilities within the Status ecosystem.
Ongoing Security Audits
There are no current ongoing security audits.
Finalized Security Audits
Status Mobile App V1 with Trail of Bits
- Started September 30th, 2019
- Ends November 1st, 2019
- Blog post
Sticker Market contracts with Trail of Bits
- June 2019 - Sticker Market Repository (with contracts)
- Finalized Issue Document
- We opted to not request a finalized generated report from Trail of Bits for this audit, and instead tracked problems through a private repository maintained by Trail of Bits. These were then fixed and summarized in the above document.
- All changes in that repository have been merged into the above linked repository.
ENS smart contract with Sigma Prime
Deja Vu Beta Audit
- May 07, 2018 - Status-go and Status-react repos with Deja Vu
- Blog post