Horizen Source Code Audit
In February 2020, Horizen engaged Coinspect to audit the security of its blockchain platform. In particular this first engagement focused on reviewing Horizen platform additions to the Zcash protocol implementation including its core consensus rules, network protocols and privacy features. Also, Coinspect verified Horizen has properly fixed every known vulnerability inherited from the Zcash codebase.
During this engagement, Coinspect consultants used a hands-on approach to evaluate the platform security, which included:
- Source code review of zen (the Horizen client), including its core consensus rules, network protocols, and privacy features.
- Rapid prototyping of potential attacks and proof of concept development.
The objectives of the assessment included, but were not limited to, identifying the following types of security vulnerabilities: full system compromise, denial of service attacks, information disclosure, network protocol weaknesses, input validation, and misaligned incentives in consensus rules.
During the engagement, Coinspect identified the following issues:
Coinspect observed Horizen’s diligence in monitoring upstream projects and keeping its codebase up-to-date with the latest Zcash fixes and frequently bumping dependencies versions. The only exception to this was a recent vulnerability that has just been announced by the Zcash project.
Coinspect found no high risk vulnerability has been introduced by Horizen modifications to the Zcash project source code; 4 medium and 2 low risk findings and suggestions for addressing them are documented in this report.
Coinspect verified the only High Risk vulnerability found during this engagement was properly fixed by release 2.0.21 published on May 20 2020. The remaining findings, but ZEN-001, were fixed by release 2.0.22 published on October 19 2020. ZEN-001 is a low risk finding related to secure communications and configuration defaults. Horizen decided to not fix this finding because doing so would break backward compatibility with other components in their ecosystem. However, mitigation measures were taken: documentation was improved regarding certificate validation and a command line option to disable the unencrypted connection fallback was added.
Source Code Audit
The Horizen project aims to provide a platform that enables intrinsically secure communications, deniable economic activity and resilient networking. It is an evolution of the Zclassic project, a Zcash fork. This engagement focused specifically on the Horizen client.
The following areas of the code were selected by Horizen as the main objectives for the first phase and were reviewed by Coinspect:
- Previous Zcash security announcements and findings reported by Coinspect to determine which are applicable to Horizen and if they were properly addressed
- Horizen codebase differs from upstream Zcash codebase in:
- Replay Protection
- Fork Manager
- TLS implementation
- Delayed block broadcasting penalty (51% protection)
- TX confirmation finality RPC method
- CoinbaseTX/CommunityFund changes
- Sapling / Sprout Groth16 implementation
All findings have been identified and reproduced with local builds of Zen client version 2.0.19–1. The source code isb based on the master branch following commit:
The following documents were utilized to understand design decisions specific to the Zen client:
- Horizen White Paper (Oct 2019)
- Horizen Proposal to Modify Satoshi Consensus to Enhance Protection Against 51% Attack Whitepaper
- Horizen Application Platform- Tiered Node System and Side Chains to Decentralize the Network
The methodology used during this audit consisted mostly in source code review of the changes introduced by the Horizen team to the Zcash codebase, and gray-box testing of the selected Horizen components.
Besides source code review, the tasks performed during this audit included:
- Crafting invalid and malformed replay protection scripts aimed at bypassing the controls and/or breaking consensus
- BIP-115 reference implementation comparison with Horizen’s
- Testing P2P connection limits with Horizen’s TLS additions
- P2P unbounded data structures and cleanup mechanism stress testing
- Reviewed Horizen’s unit and integration tests looking for edge cases not contemplated in them
- Broadcasting of replay protection invalid transactions
- Broadcasting of replay protection invalid blocks
- Analysis of currently open bugs in the project’s Github repository
- Reviewed how the DoS scoring framework was being used by Horizen code looking for ways to ban well-behaved nodes
- Design rationale behind the delayed block penalty mechanism analysis
Overall, Coinspect found the project code to be security conscious. No high impact vulnerabilities were introduced by the Horizen additions to the Zcash project. Besides, Coinspect verified that Horizen follows upstream security issues and ports security fixes when appropriate. Dependencies version upgrades are also being monitored and up to date.
As a result of this engagement the following high-level suggestions are provided based on the findings documented in this report and weaknesses we observed:
- Improve tests by adding edge cases and malformed inputs that could break assumptions made by the code
- Make sure parsers are strict and do not allow unexpected values for parameters
- Provide secure defaults to prevent deployment mistakes that hinder the network security
- Modify codes so inexpensive checks are always performed before CPU intensive operations
- Delayed block penalty mechanism should be tested with simulations and/or a live network to further understand if any of its potential drawbacks can be exploited
Click here for the full report.