
Bitcoin Core Receives Accolades Following First Independent Security Audit
Bitcoin Core's inaugural external audit reveals strong security and code maturity, with an absence of significant vulnerabilities.
Bitcoin Core has successfully completed its inaugural external security audit, confirming the robustness and maturity of its software system that underpins the largest decentralized network. The audit was carried out by the French security firm Quarkslab, commissioned by OSTIF on behalf of Brink, targeting the vital aspects of Bitcoin Core including its peer-to-peer (P2P) interactions and block validation mechanisms.
The evaluation took place over 104 days, from May to September, scrutinizing the software’s components.
The resulting audit report characterizes Bitcoin Core as “the most mature and well-tested” despite its extensive size, which encompasses more than 200,000 lines of C++ code and a comprehensive test suite exceeding 1,200 tests.
Reviewers found that there were no high- or medium-severity security flaws, highlighting only two low-severity issues along with suggestions for improvements mainly related to fuzz testing and code coverage. No significant findings were reported that could disrupt consensus, deny service, or invalidate transactions.
Bitcoin Core audit identifies only two low-severity issues. Source: Quarkslab
Reviewers find no exploitable bugs
The audit focused heavily on Bitcoin’s P2P networking architecture, which is essential for managing block and transaction flow as well as peer discovery across approximately 125 connections per node. Reviewers reported no vulnerabilities through which malicious data could evade validation or bypass the ban mechanism for misbehaving peers. They also examined the mempool logic and the mechanisms for state transitions and chain reorganizations, finding no exploitable paths in these critical areas.
“No significant security issues were identified. Most recommendations focus on refining existing fuzzing harnesses to further improve their effectiveness and coverage,” the auditors concluded.
Bitcoin Core vs. Knots Debate
The timing of this audit coincides with ongoing discussions among supporters of Bitcoin Core and Bitcoin Knots. The debate, intensified by the Bitcoin Core v30 update, raises concerns about allowing non-financial data on the blockchain, with some critics cautioning it could lead to an influx of spam.
Proponents of Knots claim filtering such data is crucial to prevent unlawful or unethical content from infiltrating Bitcoin’s records. On the other hand, developers of Bitcoin Core argue that enforcing such restrictions could threaten the network’s integrity, confuse users, and contradict the foundational principles of transparency and neutrality.
Alex Thorn, head of research at Galaxy Digital, suggests that most institutional Bitcoin investors seem unaffected by this discord. Polling 25 institutional clients, Thorn discovered that 46% were unaware of the disagreement, 36% expressed indifference, and the remaining 18% were supporters of Bitcoin Core.
