Completed
Swafe

Swafe Mitigation Review

No passwords. No backup phrases. No trusted companies. Swafe protects your access — securely, privately, and on your terms.

View dashboard
  • Start date20 Mar 2026
  • End date24 Mar 2026
  • Total awards$12,000 in USDC
  • Duration4 days

Swafe Mitigation Review

Important note

Each warden must submit a mitigation review for every individual item listed in the Scope section below. Incomplete or insufficient mitigation reviews will not be eligible for awards.

Scope

All security fix PRs for the audit are included in this combined branch.

Mitigation of High & Medium Severity Issues

Mitigations of all High and Medium issues listed here will be considered in-scope:

FixMitigation ofNotes
swafe-lib PR 147S-45: Marking a backup makes recovery impossible (recover list never queried)
swafe-lib PR 147S-650: Unable to upload guardian shares on social backupsame PR as S-45
swafe-lib PR 151S-57: Guardian share replay overwrite causes persistent recovery DoS (missing session binding)
swafe-lib PR 152S-521: Unbounded associations per account make recovery initiation linear-time
swafe-lib PR 153S-525: Majority consensus threshold not enforced for even number of nodes
swafe-lib PR 154S-1172: Replayable recovery requests allow attacker to permanently block account recovery
swafe-lib PR 156S-703: Recovery can be done without Guardians' approvals by looking at initial account update tx data

Additional scope to be reviewed

These are additional changes that will be in scope.

FixMitigation ofNotes
swafe-lib PR 151S-12: Off-By-One Error in Guardian Share Index Bounds Check Allows Out-of-Bounds Array Accesssame PR as S-57
swafe-lib PR 151S-210: Invalid guardian shares bypass threshold after voting, causing panic or wrong recovery key during reconstruction same PR as S-57
swafe-lib PR 155S-256: Revoked Association Can Still Complete Initiated Recovery Leading to Account Takeover
swafe-lib PR 157S-867: Secrets Not Zeroized on Drop - Memory Disclosure Risk
swafe-lib PR 157S-1145: Debug derive on MskSecretShareRik leaks raw secret share bytessame PR as S-867
swafe-lib PR 158S-1089: Timing Side-Channel Attack in decrypt_batch Reveals Share Holder Identity
swafe-lib PR 159S-207: DoS via Unbounded Deserialization
swafe-lib PR 159S-127: Unbounded Vector Allocation on Deserializationsame PR as S-207
swafe-lib PR 159S-508: Missing length caps in serialize::vec::{fr,g1}::deserialize leads to heap exhaustion DoSsame PR as S-207
swafe-lib PR 159S-401: Insecure Deserialization Due to Missing Input Length Validationsame PR as S-207
swafe-lib PR 160S-475: Critical API-Sanity Violation: Shamir Share Generation Allows t > n, Producing Unrecoverable Secrets
swafe-lib PR 161S-1105: update_recovery fails to rotate RIK secret share, allowing permanent recovery foothold after a single leak
swafe-lib PR 161S-215: Skipped SoK verification during reconstruction lets attackers forge stored commitments and sharessame PR as S-1105
swafe-lib PR 161S-1236: QA-10/QA-11same PR as S-1105
swafe-lib PR 163S-1163: Permanent Account Lockout via Block Gas Limit Exhaustion

Out of Scope

All other issues arising from the Swafe audit.