
FYEO performed a secure code assessment of the Aureus OX Oxen Flow application

  • Writer: FYEO
  • Jun 4, 2024

Updated: Mar 26


Update March 26, 2025: XRPL (XRP Ledger) functionality and transaction signing added to iOS application.

Currently, the application uses Web3Auth and its SDKs for Ethereum (EVM-based) transaction signing, and this update extends that functionality to XRPL transactions. The update includes the creation of an XRPL TSS (Threshold Signature Scheme) account, which is modeled after the existing Ethereum TSS account object but adapted for XRPL-specific encoding and transaction formatting requirements. A key aspect of the update is implementing custom encoding formats needed for XRPL, particularly for signature and transaction formatting, to ensure compatibility with the XRPL ecosystem.


About Oxen Flow:


Oxen Flow is an iPhone wallet application produced by Aureus Ox, a longstanding oracle data provider on Flare Network. Oxen Flow is designed specifically for simplified self-custody with an integrated name service, all built on Flare. 


Oxen Flow intends to bridge the gap for users new to the world of cryptocurrency. Leveraging the iOS framework and a familiar user interface, the application creates a secure platform for users to own their assets.


The app is well-structured and leverages the iOS Keychain to securely store data. The use of the SecRandomCopyBytes function guarantees cryptographically secure random number generation.


The FYEO Process

When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete. 


Our goal is to give our clients the following:

  • A better understanding of their security posture, and help in identifying current and future risks in their deployed chain & contract infrastructure.

  • An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.

  • Identification of potential issues, including loss of funds scenarios, with improvement recommendations based on the result of our assessment.

  • A better understanding, for the development team, of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.


Findings and Report

During the security assessment, we uncovered:

  • 2 findings with HIGH severity rating.

  • 4 findings with MEDIUM severity rating.

  • 4 findings with LOW severity rating.

  • 3 findings with INFORMATIONAL severity rating.


During the March 26th, 2025 security assessment, we uncovered:

  • 1 finding with INFORMATIONAL severity rating.


Once notified, the Aureus OX team was quick to address and remediate these findings. A public version of the report and the March 2025 update are available below.



