At Identity.com, we are committed to ensuring the highest standards of security for our users. As part of this commitment, we regularly undergo rigorous security assessments to identify and address potential vulnerabilities in our systems.
Today, we’re excited to share the results of our latest security assessment for our “did-bnb” project. For reference, the did:bnb project is at the forefront of expanding the utilization of decentralized identifiers (DIDs) on the BNB Chain. By doing so, we empower users with greater control over their identities, enabling them to share only essential information and safeguarding the privacy of their personal data. Learn more about the grant we received from BNB Chain and what we are working towards here.
Overview of the Security Assessment
Our team engaged FYEO Inc., a renowned security firm, to perform a comprehensive security assessment on our “did-bnb” project. This assessment was conducted over a week, with the primary objectives being:
- Evaluating our overall security posture.
- Identifying potential risks within our environment.
- Providing a professional opinion on the maturity, adequacy, and efficiency of our security measures.
Key Findings
The assessment revealed two informational findings:
- Data Iteration in Remove Functions: The code for various remove functions calls a check function that iterates through the data twice, which is not ideal for gas usage.
- Flag Range Validity: The system currently allows flags outside of the valid range to be set.
We’re pleased to share that both of these findings were informational in nature and did not pose any critical security risks. Nevertheless, we take every finding seriously and have successfully resolved these issues to further enhance the robustness of our system.
Conclusion
In line with our dedication to transparency, we’ve made the full security assessment report publicly available. You can access the detailed report on our GitHub repository. Additionally, for those interested in our other technology, we’ve also published security assessments for “cryptid” and “did:sol” which are located in the footer of our website under the “security” section.
The security of our users is our top priority at Identity.com. Stay tuned for additional updates as we work to ensure the highest standards in all our projects.