Vultisig
Website
  • Overview
  • Vultisig Vault User Actions
    • Creating a Vault
    • Managing your Vault
      • Vault Details
      • Vault Backups
      • Vault Rename
      • Vault Reshare
      • Vault QR
    • Keysign
      • How Keysigning works
      • Signing a Transaction
  • Vultisig Infrastructure
    • Overview
    • Vultiserver
      • How does a Fast Vault work?
      • Transaction Policies
      • Why is it safe?
  • Relay Server
  • Vultisig Ecosystem
    • Vulticonnect
      • What is Vulticonnect
      • How to use Vultisig Connect
    • Web App
  • Marketplace
  • Vultisig SDK
  • Threshold Signature Scheme
    • How it works
    • TSS Actions
    • Difference to Multi-Signatures
    • Difference to Passkeys
    • Emergency Recovery
  • VULTISIG Token
    • The $VULT token
    • Launch of $VULT
    • $VULT Staking
    • Airdrop
      • Airdrop V2
  • Other
    • Vultisig Bot
    • Security
    • Frequently Asked Questions
    • Privacy
    • License
    • Terms
  • Developer Docs
    • Infrastructure Overview
    • Vultisig SDK
      • How to use it
  • Marketplace
    • Plugins
    • Ai Agents
Powered by GitBook
On this page
  • Audits
  • Kudelski Audit of mobile-tss-lib
  • $VULT Contract Audit
  • Staking Contract Audit
  • TSS-Security
  • Research

Was this helpful?

Edit on GitHub
  1. Other

Security

Everything related to security what affects the Vultisig Project

PreviousVultisig BotNextFrequently Asked Questions

Last updated 1 month ago

Was this helpful?

Audits

Kudelski Audit of mobile-tss-lib

1.5 Follow-up

After the draft report (v1.0) was delivered, the client addressed all findings in the following

PRs:

• Audit 1 #17 (commit 06fc76f4d6d34f21fa5d1cafd1eb594d8ac4fdd7)

• Audit 2 #18 (commit 2577eb3b00d4d58a7318fa0ada726ba7965579ab)

$VULT Contract Audit

Staking Contract Audit


TSS-Security

While TSS (GG20) is a relatively new cryptographic protocol, it has been extensively tested in the wild by THORChain (thorchain.org) in an open-source and adversarial environment. The fact that it works today with a non-zero amount of funds in vaults is a testament to the robustness of the protocol.

Vultisig also implements GG20, but in a non-adversarial environment. Your trusted devices only connect to each other in deliberate sessions after being unlocked by you or your device owner. Thus, they cannot be attacked while you are asleep with your devices also locked/asleep.

Research

The Threshold Signature Scheme is a relatively new area within the field of Multi-Party Computation. As such, advancements in security and efficiency are ongoing and continuously evolving.

Vultisig closely monitors these developments and is committed to adopting more secure and efficient versions as they become available. Additionally, we are actively researching new possibilities within this space.

The audit was done by for the $VULT contract and can be found .

The audit was done by and can be found .

Code4rena
here
Zenith
here
366KB
Kudelski_Security_Vultisig_Mob_CR_v1.1_Public.pdf
pdf
Audit Summery
Kudelski Findings