Update: FYEO performs security assessment of did-bnb
Following our March audit of Cryptid, a wallet that links an off-chain identity to users’ on-chain identity and the did;sol solution, FYEO recently completed a security assessment of Identity’s did-bnb. This new initiative integrates Decentralized Identifiers (DIDs) on EVM based chains. DIDs are a core component of building a native identity layer and can be viewed as a new type of global identifier.
Findings & Report
During the review of the did-bnb, we discovered:
2 findings with INFORMATIONAL severity rating.
Following the review, the identity.com team worked in conjunction with the FYEO team to remediate all security vulnerabilities identified.
Find full report here:
-----
FYEO performed a security assessment of Cryptid, a wallet that links an off-chain identity to users’ on-chain identity and the did:sol solution, a W3C compliant DID method and resolver operating on the Solana blockchain in January 2023.
Identity.com is a decentralized identity verification platform that allows users to securely and privately verify their identities online. The platform uses blockchain technology to create a network of trusted and verified identity validators, which can be used by individuals, businesses, and organizations to verify the identity of their users, customers, or partners.
The goal of Identity.com is to provide a more efficient, secure, and user-friendly way for people to prove their identity online without having to rely on centralized identity verification services or giving away their personal information to third parties. The platform uses a decentralized network of validators, which means that users' personal information is never stored in a central location, reducing the risk of data breaches or identity theft.
Identity.com also provides a marketplace where users can exchange verified identity credentials, creating a more seamless and trustworthy way to verify identities across different services and platforms. Ultimately, the goal of Identity.com is to give users more control over their online identities and make it easier for businesses to verify their customers' identities while maintaining privacy and security.
The FYEO Process
When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete.
Our goal is to give our clients the following:
A better understanding of its security posture and help them identify current and future risks in its deployed chain & contract infrastructure.
An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.
Identify potential issues, including loss of funds scenarios, and include improvement recommendations based on the result of our assessment.
Give the development team a better understanding of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.
Findings & Report
During the review of the Cryptid wallet, we discovered:
1 finding with HIGH severity rating.
1 finding with MEDIUM severity rating.
1 finding with LOW severity rating.
1 finding with INFORMATIONAL severity rating.
During the review of the sol:did solution, we discovered:
1 finding with HIGH severity rating.
1 finding with MEDIUM severity rating.
1 finding with LOW severity rating.
2 findings with INFORMATIONAL severity rating.
Following both reviews, the identity.com team worked in conjunction with the FYEO team to remediate all security vulnerabilities identified and shared.