Kudelski Architecture and Code Review – 2021

In March, the Kudelski Security Team conducted an audit of the wallet extension at the request of the XDEFI team.

The audit comprised three key review elements covering:

  • Architecture
  • Code
  • Implementation

The auditors identified noteworthy points across a spectrum of severity amounting to 4 High, 3 Medium, 1 Low, and 18 Informational findings.

All High, Medium and Low findings were remediated at the end of March (shortly after receipt of the report), with the Kudelski Security Team reviewing and approving all fixes (as noted below).

Architecture Review

Kudelski concluded that the architecture of XDEFI Wallet is well designed and well implemented, as supported by a high architecture fitness score of 8.5/10.

You can find the full audit report here

Review of June

Upon receipt of the auditor's advice at the end of March, XDEFI identified 4 areas with deficiencies which, if addressed, would ultimately strengthen the product. These areas were Maintainability, Testability, Reusability and Debug-ability/Monitoring, all of which were among the informal findings Kudelski included in March (above).

Upon receipt of these findings, our team immediately worked on addressing and rectifying them ahead of the June review.

The June review found that all issues and deficiencies had been addressed, and a Letter of Attestation was provided by the Kudelski Security Team to confirm these issues had been remediated.

The Letter of Attestation can be found here