This article was first published on ARK.io | Blog - Medium
ARK Security Vulnerabilities Disclosure — #1
Producing software inherently comes with risks. All software, especially new releases and large code re-writes, have a higher probability of producing bugs during production and initial release. To combat this, the ARK team has introduced modern testing methods, higher test coverage, a custom developed e2e testing framework and increased the availability for testing on our Development Network prior to release. Despite all of that, no one can catch every potential issue. This new reporting series will serve as a public disclosure of any discovered and patched vulnerabilities within the ARK Blockchain Platform (Core, Desktop Wallet, Mobile Wallet, ARK Pay & Deployer).
During our internal and public Development Network testing phase a LOT of bugs were found and patched. While the ARK team does considerable testing, a fresh pair of eyes can often discern issues that we may have overlooked. That is why we value community feedback and put a lot of effort into our bounty programs (which we recently updated).
But, as already said by Edsger W. Dijkstra:
”Program testing can be used to show the presence of bugs, but never to show their absence!”
After the successful launch of ARK Core v2 by the ARK Team and the public migration of the network by the ARK Network Delegates, several critical security vulnerabilities were disclosed to our team by ARK community members & Delegates. Due to the critical nature of these disclosures and the impact they could have had on the network, we would like to thank those responsible for their hard work and efforts to report these issues responsibly. The security vulnerabilities are disclosed below with additional explanations and details on the associated patches. Due to the professionalism of our community security researchers, at no point was anything tested or abused on the ...
To keep reading, please go to the original article at:
ARK.io | Blog - Medium