Status External Audits

This page contains information about all the external audits we have undergone. As we reach major milestones in development, after rounds of internal review and auditing, we reach out to third parties to verify our sanity, and double/triple check the work that we do.

These security audits are not guarantees of security in the projects they pertain to. They are additional checks from objective third parties to help bolster confidence in the security of intended functionality.

As always, if you find a bug or vulnerability in our code, please report it to security@status.im.

Ongoing Security Retainer

Status currently maintains an ongoing retainer contract with Trail of Bits to help with overall security coverage.

Bug Bounty Program

Status currently has a private campaign on the HackerOne platform for bug bounties. We are currently underway to expand this program’s scope and availability post-V1 mobile app release to become public and the de-facto standard method for reporting found vulnerabilities within the Status ecosystem.

Ongoing Security Audits

There are no current ongoing security audits.

Finalized Security Audits

Status Mobile App V1 with Trail of Bits

• Started September 30th, 2019
• Ends November 1st, 2019
• Blog post

Sticker Market contracts with Trail of Bits

• June 2019 - Sticker Market Repository (with contracts)

• Finalized Issue Document

  • We opted to not request a finalized generated report from Trail of Bits for this audit, and instead tracked problems through a private repository maintained by Trail of Bits. These were then fixed and summarized in the above document.
  • All changes in that repository have been merged into the above linked repository.

  ENS smart contract with Sigma Prime

• October 2018 - ENS Username Contract - commit hash eaefa92

• Report

• Tests

• Code

• Blog post

Deja Vu Beta Audit

• May 07, 2018 - Status-go and Status-Mobile repos with Deja Vu
• Report
• Blog post