Serai is an actively developed cross-chain, decentralized exchange for Bitcoin, Ethereum, and Monero. Built from scratch in Rust, Serai uses threshold multisignatures to secure coins under its own decentralized network.
PoC Required
KYC required
Assets in Scope
Impacts in Scope
- Signing of unintended messages
- Ability to forge proofs
- Unintended, undocumented recovery of private spend keys (or private spend key shares)
- Reportedly received funds which weren’t actually received/spendable
- Incorrect/incomplete (in the academic sense) cryptographic formulae within a verifier's callstack
- Undocumented transcript collision
- Undocumented panic reachable from a public API
- Non-constant time implementation with regards to secret data
- Incorrect/incomplete (in the academic sense) cryptographic formulae within a prover's callstack
Out of scope
- Attacks breaking BFT assumptions
- Best practice critiques
- Signature production by the threshold
- Attacks reliant on attacking an out of scope communication protocol between library users
- Invalid circumstances reachable by providing invalid hashes/curves/ciphersuites/algorithms/etc
- Attacks on the cross-group discrete logarithm proof, marked experimental
- Vulnerabilities/issues in tests/code explicitly for tests
- Bugs only reachable via unsafe code
Blockchain/DLT specific
- Incorrect data supplied by third party oracles
  - Not to exclude oracle manipulation/flash loan attacks
- Impacts requiring basic economic and governance attacks (e.g. 51% attack)
- Lack of liquidity impacts
- Impacts from Sybil attacks
- Impacts involving centralization risks


