List of known and closed security vulnerabilities related to our products.

Ark Improvement Proposals

Producing software inherently comes with risks. All software, especially new releases and large code rewrites, has a higher probability of producing bugs during production and initial release. To combat this, the ARK team has introduced modern testing methods, higher test coverage, and a custom-developed e2e testing framework, and has increased the availability for testing on our Development Network prior to releases. Despite all of that, no one can catch every potential issue.

We are running our own development and security bounty program, and we have partnered with Bugcrowd, the planet’s premier crowdsourced security platform! Make sure to check both bounty programs. Detailed instructions on how to report a security vulnerability are available at https://docs.ark.io/security/.

This repository series will serve as a public disclosure of any discovered and patched vulnerabilities within the ARK Blockchain Platform Product Landscape (Core, Desktop Wallet, Mobile Wallet, ARK Pay & Deployer).

The lists of known security vulnerabilities, whether closed or still open, can be found in the tables below. Each table consists of four fields giving the basic information about a listed security vulnerability; clicking the link in the identifier field opens a more detailed description.

Core Security Vulnerabilities

| Identifier | Title | Status | Version |
|---|---|---|---|
| Core-SV-017 | Second Signature Transaction Broadcast/Sign/Order | Closed | v2.3 |
| Core-SV-016 | Receiving a block containing non-valid transactions causes peers to rollback | Closed | v2.3 |
| Core-SV-015 | Delayed block propagation causes the next delegate to miss its block | Closed | v2.3 |
| Core-SV-014 | API endpoint open to possible DDOS attack | Closed | v2.2.2 |
| Core-SV-013 | Transactions near the payload size limit can stop delegates forging | Closed | v2.1.2 |
| Core-SV-012 | Conflicting delegate registration transactions | Closed | v2.1.0 |
| Core-SV-011 | Malicious delegate zero(0) - ARK transaction spam | Closed | v2.0.18 |
| Core-SV-010 | Malicious delegate can cause peers to fork and roll back simultaneously | Closed | v2.0.19 |
| Core-SV-009 | Fake peers can be added by using non-quad-dotted notation | Closed | v2.0.19 |
| Core-SV-008 | Forged blocks by anyone can cause the chain to stop/or start recovering | Closed | v2.0.17 |
| Core-SV-007 | Forging multiple blocks in a slot and rewards hijacking | Closed | v2.0.17 |
| Core-SV-006 | Transaction replay attack with known 2nd signature passphrase / multisignature | Open | |
| Core-SV-005 | Double forging a block | Open | |
| Core-SV-004 | IP spoofing | Closed | v2.0.16 |
| Core-SV-003 | Second signature transaction replay | Closed | v2.0.16 |
| Core-SV-002 | Generating new Ark using multi signature transaction | Closed | v2.0.16 |
| Core-SV-001 | Invalid block received | Closed | v2.0.16 |

Desktop Wallet Security Vulnerabilities

| Identifier | Title | Status | Version |
|---|---|---|---|

Mobile Wallet Security Vulnerabilities

| Identifier | Title | Status | Version |
|---|---|---|---|

Ark Pay Security Vulnerabilities

| Identifier | Title | Status | Version |
|---|---|---|---|

Ark Deployer Security Vulnerabilities

| Identifier | Title | Status | Version |
|---|---|---|---|