Grin completes its second security audit: all problems found have been fixed and a new RFC has been implemented

According to official sources, Grin announced that it has completed its second security audit, which was carried out by Coinspect from October 2018 until October 2019. In the meantime, in addition to fixing the problems found, a new RFC (Request for Comments) was implemented to further improve Grin's security process and to improve the response process and its timeliness. As the community and code base continue to evolve, it is important to keep evaluating Grin's security by improving processes and conducting ongoing security audits.

A critical vulnerability was discovered during the audit; it was fixed immediately and disclosed as CVE-2019-9195. Five high-risk issues, seven intermediate-risk issues, and one low-risk issue were also reported. All issues have been fixed, and the fixes have been verified by Coinspect.

Most of the issues involved:

1. directory traversal and file processing;
2. unsafe code in third-party libraries;
3. Rust-related errors;
4. P2P connection logic;
5. insufficient validation.

These types of problems can lead to denial of service, data corruption, and privilege escalation.

Coinspect also found some advanced issues, including third-party dependencies, transaction pool/eviction policies, transaction processing time, and transaction creation workflows, all of which are future goals for improving Grin's security. More details can be found in the full report.