About Oxen Flow:
Oxen Flow is an iPhone wallet application produced by Aureus Ox, a longstanding oracle data provider on Flare Network. Oxen Flow is designed specifically for simplified self-custody with an integrated name service, all built on Flare.
Oxen Flow intends to bridge the gap for users new to the world of cryptocurrency. Leveraging the iOS framework and a familiar user interface, the application creates a secure platform for users to own their assets.
The app is well structured and leverages the iOS Keychain to securely store data. The use of the SecRandomCopyBytes function guarantees cryptographically secure random number generation.
The FYEO Process
When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete.
Our goal is to give our clients the following:
A better understanding of their security posture, and help identifying current and future risks in their deployed chain and contract infrastructure.
An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.
Identification of potential issues, including loss-of-funds scenarios, with improvement recommendations based on the results of our assessment.
Give the development team a better understanding of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.
Findings and Report
During the security assessment, we uncovered:
2 findings with HIGH severity rating.
4 findings with MEDIUM severity rating.
4 findings with LOW severity rating.
3 findings with INFORMATIONAL severity rating.
Once notified, the Aureus Ox team was quick to address and remediate these findings. You can find a public version of the report available below.