CertiK recently evaluated Safeheron's open-source Trusted Execution Environment (TEE)-based RSA key sharding solution, which is built on Intel® SGX, and identified a vulnerability that could allow privileged attackers with local access to extract confidential data from the SGX enclave.
Safeheron promptly acknowledged the vulnerability highlighted by CertiK and has already implemented fixes to address the issue. Safeheron’s agile response to the identified threat is a testament to their commitment to security and their dedication to enhancing their open-source TEE-based RSA key sharding solution.
"We commend Safeheron for their swift and responsible action," said Kang Li, Chief Security Officer at CertiK. "Their approach to rapidly addressing these issues, in addition to their ongoing commitment to open-source solutions, is a testament to their dedication to providing a secure MPC self-custody platform for digital assets."
"In the rapidly evolving landscape of digital assets, security is our utmost priority," said Max He, Chief Scientist at Safeheron. "Always maintaining high security is our commitment to our users and the wider Web3 community. Solutions we make publicly available, like the TEE-based RSA sharding solution, can significantly help more Web3 builders enhance their security. We appreciate CertiK's assistance in this process, and together, we continue to strive for a more secure future in blockchain technology."
Safeheron pioneers the combination of MPC technology and TEEs in a transparent manner. Safeheron is one of the few solution providers that have adopted this transparent and accountable approach, a move that CertiK firmly supports and encourages others in the industry to adopt.
"Openness and transparency are vital components for building trust within the Web3 community," stated Li. "We are impressed by Safeheron’s approach and encourage others in our industry to follow their lead."
This collaboration between CertiK and Safeheron underscores both organizations’ commitment to improving security in an industry where its effects are invaluable. Through their joint efforts and ongoing commitment to security, CertiK and Safeheron are poised to shape a more robust and reliable future for open-source security solutions in the blockchain industry.