By FYEO

FYEO Completes Security Review of Xahaud - Codebase for Xahau



As this network launches, FYEO is honored to be named one of the initial Governance Game Validator Seats & Security partners for the new Xahau network and to announce the completion of the Security Review of Xahaud - the Codebase for Xahau.


FYEO was the first security company to be named on the Security Audit and Secure Infrastructure L2 table as part of Xahau’s Governance Game. FYEO looks forward to contributing to the safety and security of Xahau and the ecosystem that will inevitably grow around it.


FYEO is committed to continuing to support Xahau, XRPL Labs, and Xaman Wallet with ongoing security services, including audits and ongoing domain threat monitoring, to help protect the internal code and guard against external threats.


The audit report below summarizes the engagement, tests performed, and findings. It also contains detailed descriptions of the discovered vulnerabilities, the steps the FYEO Security Team took to identify and validate each issue, as well as any applicable recommendations for remediation. During the audit, the XRPL Labs team adequately remediated all issues listed in this report.


The assessment was conducted remotely by the FYEO Security Team.


Testing took place from October 01 to October 27, 2023, and focused on the following objectives:

  • To provide the customer with an assessment of their overall security posture and any risks that were discovered within the environment during the engagement.

  • To provide a professional opinion on the maturity, adequacy, and efficiency of the security measures that are in place.

  • To identify potential issues and include improvement recommendations based on the results of our tests.


The FYEO Process

When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete.


Our goal is to give our clients the following:

  • A better understanding of their security posture, and help identifying current and future risks in their deployed chain & contract infrastructure.

  • An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.

  • Identification of potential issues, including loss-of-funds scenarios, with improvement recommendations based on the result of our assessment.

  • A better understanding, for the development team, of writing and maintaining more secure code. The incremental increase in security is part of the overall increased quality of the project.


Findings & Report

During the Secure Code Review of Xahau, we discovered:

  • 1 finding with HIGH severity rating. - Remediated

  • 4 findings with MEDIUM severity rating. - Remediated

  • 2 findings with LOW severity rating. - Remediated

  • 7 findings with INFORMATIONAL severity rating. - Remediated

Please see the attached full report to learn more!


V1.0 XRPL Labs - Security Review of Xahaud - Codebase for Xahau.pdf (PDF, 788KB)

