Category: Blockchain

12 articles
Date Fri 28 February 2025
Author Elouan Wauquier
Category Blockchain

Allbridge mandated Quarkslab to perform an audit of their updated version of Estrela, an automated market maker for Stellar built on Soroban.

Date Tue 27 August 2024
Authors Elouan Wauquier, Madigan Lebreton
Category Blockchain

Drawing from our audit of Airswift's SCF, we discuss part of Soroban's security model and showcase common vulnerabilities. SCF, for "Supply Chain Financing", is the DeFi product developed by Airswift that "optimizes funds flow" between buyers and suppliers. It is developed on Stellar's smart contract platform: Soroban. Airswift mandated Quarkslab for an audit of their smart contracts, with support from the Stellar Development Foundation. In this blog post, we present the results of this audit, and share common pitfalls to avoid on Soroban.

Date Tue 07 May 2024
Authors Elouan Wauquier, Madigan Lebreton
Category Blockchain

Allbridge, with support from the Stellar Development Foundation, mandated Quarkslab to perform an audit of Estrela, an automated market maker for Stellar built on Soroban.

Date Tue 19 March 2024
Authors Madigan Lebreton, Elouan Wauquier
Category Blockchain

Allbridge's maintainers, with support from Stellar Development Foundation, engaged with Quarkslab to perform an audit of Allbridge Core implementation in the Stellar ecosystem. This new implementation uses Stellar's smart contracts platform: Soroban.

Date Thu 26 October 2023
Authors Madigan Lebreton, Elouan Wauquier, Victor Houal
Category Blockchain

This blog post presents the entire workflow of a transaction executed on zkSync Era. zkSync Era is a Zk Rollup Layer 2 blockchain that executes transactions and proves its execution on the Ethereum blockchain using Zero-Knowledge proofs.

Date Tue 29 March 2022
Authors Robin David, Mahé Tardy
Category Blockchain

Parity Tech mandated Quarkslab to audit XCM version 2 (XCMv2), a cross consensus communication mechanism. This messaging protocol is a cornerstone of the Polkadot ecosystem as it enables communications between chains on a network. This blog post summarizes few security aspects related to this technology and its implementation. The full audit report is available in PDF format at the end of this article.

Date Thu 13 January 2022
Authors Robin David, Laurent Grémy
Category Blockchain

The Litecoin Foundation mandated Quarkslab to audit the implementation of the MimbleWimble protocol in the Litecoin blockchain. This protocol acts as a sidechain in which privacy of the transactions is improved compared to the privacy on the classical chain.

Date Thu 17 December 2020
Authors Laurent Grémy, Christian Heitman
Category Blockchain

The Ethereum Foundation mandated Quarkslab to perform an audit of the herumi libraries. They provide an API to perform BLS signatures, one of the core components of the new iteration of the Ethereum blockchain, named Ethereum 2.0. While reviewing the architecture of these libraries, their back ends and the adherence with the ongoing RFCs to standardize BLS signature usage, we found some issues primarily regarding their design. Although these are not considered critical, they impact the overall reliability of the libraries. We provide recommendations to improve the design of the libraries, the readability of the code and the usability of both projects.

Date Mon 26 August 2019
Authors Laurent Grémy, Guillaume Heilles, Nicolas Surbayrole
Category Blockchain

The Tari Labs mandated Quarkslab to perform a cryptographic and security assessment of the dalek libraries. One of the Tari Labs' projects is to implement the Tari protocol, a decentralised assets protocol. It relies on some of the dalek libraries, especially the cryptographic primitives, provided by subtle and curve25519-dalek. Moreover, the use of Bulletproofs [6], and its implementation by the authors of the dalek libraries, will allow them to enable efficient confidential transactions on the blockchain in a near future.

We only found some minor issues. We also provided recommendations on the usage of the libraries and third-party libraries.

Date Fri 02 August 2019
Authors Philippe Teuwen, Christian Heitman, Laurent Grémy
Category Blockchain

Quarkslab's team performed a cryptographic and security assessment of the Monero Research Lab’s new Proof-of-Work algorithm, called RandomX [1]. RandomX is a proof-of-work algorithm that is optimized for general-purpose CPUs. RandomX uses random code execution together with several memory-hard techniques to minimize the efficiency advantage of specialized hardware. We only found minor inconsistencies and formulated a few recommendations. These recommendations are mainly relevant when using alternative configurations but they are of less importance with the current configuration and usage of RandomX. The full report of the assessment can be found at the following address: [2]