Runtime Security Review (Fuzzing)

As part of the Alpha Program we aim to support all projects with a Runtime Security Review (Subject to availability). This review assesses your runtime implementation security using a tool based approach.

The automatic analysis is capable of identifying the following security vulnerabilities:

• Reachable runtime panic conditions
• Integer overflows
• Underweighted extrinsics
• Unbounded allocations
• Unbenchmarked extrinsics
• Exponential complexity in weights
• Use of twox_64_concat hasher for user provided keys
• Unsafe code
• Lack of storage deposits
• Wrongly configured ExistentialDeposit

Please note that the review does not cover logic bugs and does not include a report deliverable.

<aside> ☝ The following info is needed before the review:

1. GitHub repository that should be tested
2. Branch/Commit hash the tests should be performed on
3. What runtime config to assess - usually what has the most features

</aside>

The review lasts 1 week and is usually planned several weeks in advance. After having a review, the teams can apply again but teams with no previous reviews will be prioritized.

<aside> 👉

To schedule a review please reach out to the primary PoC

</aside>