Report: Audit of Paul Miller’s micro-sr25519 (now scure-sr25519) by Oak Security, funded by dotPAL bounty, facilitated by Edgetributor SubDAO
Important documents:
- Previously approved OpenGov development proposal for Paul Miller, facilitated by Edgetributor SubDAO: https://polkadot.polkassembly.io/referenda/1165
- Proposal to dotPAL bounty: {PAL bounty} Audit sponsorship of micro-sr25519 package by Paul Miller.pdf
- Oak Security’s scope & quotations: Proposal - micro-sr25519 Security Audit v1.4.pdf
- Services Agreement: Services_Agreement_Edgeware_micro_sr25519_Security_Audit_rama_edgeware.pdf
- Invoices: INV-000663.pdf, INV-000684.pdf
- Payment Receipts: Payment-683.pdf, Payment-682.pdf, statement_EdgewareDAOAssociation.pdf
- Reports v1: 2025-06-12 Audit Report - Polkadot micro-sr25519 v1.0.pdf, 2025-06-12 Differential Fuzz Testing Report - Polkadot micro-sr25519 v1.0.pdf
- Reports v2: 2025-07-31 Audit Report - Polkadot micro-sr25519 v1.1.pdf, 2025-07-31 Audit Report - Polkadot micro-sr25519 v1.2.pdf, 2025-07-31 Audit Report - Polkadot micro-sr25519 v1.3.pdf, 2025-08-01 Audit Report - Polkadot scure-sr25519 v1.4.pdf, 2025-08-19 Audit Report - Polkadot scure-sr25519 v1.5.pdf
- Documents monofolder: Audit of micro-sr25519 (now scure-sr25519)
Auditing and Operations Timeline:
10th March : The development was done by Paul Miller and the package was ready for auditing.
29th March : After meetings with several auditing firms and reviewing their offerings, Edgetributor SubDAO contributors came to the conclusion that Oak Security’s offerings/scope was better than the other auditing firms. We considered the background, experience, stack familiarity of the involved researchers/auditors and the number of researchers proposed in the auditing scopes provided by the 3 candidate firms. Additional qualifications’ judgement included Polkadot ecosystem familiarity, low level JS/TS experience and cryptographic curves familiarity in this exact order.
8th April : The proposal for Oak Security’s audit funding was drafted to OpenGov by Edgetributor SubDAO: https://polkadot.polkassembly.io/referenda/1520
15th April : The proposal was proposed to the dotPAL bounty by Edgetributor SubDAO, as the community advocated for the same in OpenGov.
25th April : The proposal got approved by dotPAL bounty curators.
28th April : First draft of the Service Agreement was shared by Oak Security to Edgetributor SubDAO for the review.
1st May : Funds disbursal was done to Edgetributor SubDAO: https://polkadot.subscan.io/account/13UVJyLnbVp9RBZYFwHZ1tfzDT8J4osUGw5XgrtWo4Qtep8y?tab=transfer
2nd May : Liquidation of DOT to USDC was done by the Edgetributor SubDAO and the remaining Liquidation Buffer was returned to the dotPAL bounty:
- Liquidation: https://hydration.subscan.io/extrinsic/7457278-2
- Liquidation Buffer sent back to dotPAL: https://polkadot.subscan.io/extrinsic/25840823-2
2nd May : Audit engagement start date was scheduled for 19th May as per the earliest slots available.
7th May : After 4 iterations of refinements suggested by Edgetributor SubDAO to Oak Security, the Service Agreement was finalised for signing from both the parties.
16th May : 50% (first part) of the audit fee was disbursed by Edgetributor SubDAO to Oak Security.
- 1/2 Payment to Oak Security: https://hydration.subscan.io/extrinsic/7549970-3, https://etherscan.io/tx/0x5ee0bf471c31143a3332f36c5705fcf93abde13d14118622831289b1e5090a99
19th May : The Audit Service Agreement was signed and counter-signed by Edgetributor SubDAO and Oak Security respectively.
19th May : Main Security Audit (1st Stream) process was initialised involving 1 Project Manager, 1 Lead Auditor/Researcher and 3 Auditors/Researchers from the Oak Security’s side.
23rd May : Received the first drafts for audit & fuzzing reports along with the Issue Tracker from Oak Security which were further shared by Edgetributor SubDAO with dotPAL bounty curators and Paul Miller.
Polkadot micro-sr25519 - Issue Tracker
25th May : Paul Miller acknowledged the draft reports and shared initial feedback/comments which were relayed to Oak Security by Edgetributor SubDAO.
26th May : Oak Security reviewed the comments and shared clarifications which were further shared with Paul Miller by Edgetributor SubDAO.
6th June : Paul Miller accomplished the implementation all the suggestions by Oak Security:
https://github.com/paulmillr/scure-sr25519/commits/01f903de2c79cfeb71c499d0e9538d0be8b93dc5/
Paul Miller also provided a filled (offline) version of Issue Tracker which Edgetributor SubDAO utilised to update the google sheet version of the Issue Tracker accordingly.
11th June : Changes/fixes by Paul Miller were reviewed by Oak Security and provided the final drafts of audit & fuzzing reports which were further shared with Paul Miller by Edgetributor SubDAO.
12th June : Paul Miller reviewed and confirmed the final drafts. Edgetributor SubDAO relayed the confirmation to Oak Security.
13th June : v1 Security Audit and Fuzz Testing reports were published by Oak Security.
https://github.com/oak-security/audit-reports/tree/main/Polkadot,
https://x.com/SecurityOak/status/1933435273209061741
14th June : Remaining 50% (second part) of the audit fee was disbursed by Edgetributor SubDAO to Oak Security and the unused Extrinsic/Bridging Fee Buffer was used to buy back DOT to return to the dotPAL bounty.
- 2/2 Payment to Oak Security: https://hydration.subscan.io/extrinsic/7916485-4,
https://etherscan.io/tx/0x0694bc32a0a9abac1ce37275382a6b0281df438e82466ce1f8943725b9c2660b - Buyback the DOT from the remainder 89.849 USDC of the Extrinsic/Bridging Fee Buffer: https://hydration.subscan.io/extrinsic/7916855-2
18th June : Unused Extrinsic/Bridging Fee Buffer was returned to the dotPAL bounty:
https://polkadot.subscan.io/extrinsic/26505698-2
28th June : Oak Security shared both the payments’ receipts and statement of accounts to Edgetributor SubDAO.
28th July : Additional independent cryptographic review by the senior/PhD security researcher Nadim Kobeissi commenced.
1st August : First draft for the v2 audit from the senior/PhD security researcher Nadim Kobeissi was drafted by Oak Security, which was further shared by Edgetributor SubDAO with dotPAL bounty curators and Paul Miller. Also, the existing Issue Tracker was updated.
4th August : Acknowledgement on the v2 report draft from Paul Miller was received by Edgetributor SubDAO with no actionables.
10th August : Paul Miller found a way to deterministically test randomness and switch away from RNG to randomBytes. This was further notified to Oak Security by Edgetributor SubDAO.
15th August : Oak Security acknowledged and confirmed the commit corresponding to the new changes with Edgetributor SubDAO.
19th August : Oak Security verified that the fix worked as expected and shared the updated report.
19th August : Edgetributor SubDAO shared the latest audit report with Paul Miller and the dotPAL bounty curators for final review before Oak Security made the report public.
20th August : Paul Miller reviewed and confirmed the latest report draft. Edgetributor SubDAO relayed the confirmation to Oak Security, so the v2 Security Audit report was good to be published by Oak Security.
23rd August : Oak Security published the v1.5 of the report (corresponding to the v2 Security Audit):
https://github.com/oak-security/audit-reports/commit/8f30dd4b59eae97194fb612aa8e773824a37bf65,
https://x.com/SecurityOak/status/1959100461924880645
Reports:
- Security Audit (v1) Report:
https://github.com/oak-security/audit-reports/blob/7ca61bfdb5c15babd7bb4fe15ab525ca7391b4cd/Polkadot/2025-06-12%20Audit%20Report%20-%20Polkadot%20micro-sr25519%20v1.0.pdf - Differential Fuzz Testing Report:
https://github.com/oak-security/audit-reports/blob/7ca61bfdb5c15babd7bb4fe15ab525ca7391b4cd/Polkadot/2025-06-12%20Differential%20Fuzz%20Testing%20Report%20-%20Polkadot%20micro-sr25519%20v1.0.pdf - Security Audit (v2, additional independent cryptographic review) Report:
https://github.com/oak-security/audit-reports/blob/7ca61bfdb5c15babd7bb4fe15ab525ca7391b4cd/Polkadot/2025-08-22%20Audit%20Report%20-%20Polkadot%20scure-sr25519%20v1.5.pdf
Oak Security’s researchers/auditors/team composition for the scope:
- POC: Philip Stanislaus
- Main Security Audit (1st Stream):
- Kateryna Yakovenko (Project Manager)
- Christian Vari (Lead Auditor)
- Colin (Auditor)
- Denis Kolegov (Auditor)
- Mohit Vashistha (Auditor)
- Differential Fuzz Testing (2nd Stream):
- Antonio Viggiano (Fuzz Tester)
- Additional Security Audit (3rd Stream):
- Nadim (Senior Cryptography Auditor)
Edgetributor SubDAO’s role: (not incentivised through dotPAL)
- Scouting for auditing firms with cryptography experience.
- Offerings comparison and analysis between the firms.
- Proposal drafting to dotPAL bounty for the selected auditing firm i.e. Oak Security.
- Service agreement’s legal review and signing utilizing the legal entity of Edgeware DAO Association at no cost.
- Liquidation of the funds to USDC as Oak Security requested payment in USDC on Ethereum.
- Relay the feedback/changes between Paul Miller and Oak Security as Paul prefers email communication.
- Delivery-based payment disbursements to Oak Security.
- Follow-ups on audit reports publishing and notify Polkadot-JS maintainers to adopt the scure-sr25519 package.
- Facilitate all the relevant necessities requested by Oak Security, Paul Miller and dotPAL bounty curators.
Trace of Funds:
- Liquidation {DOT to 34500 USDC}:
- Hydration DCA: https://hydration.subscan.io/extrinsic/7457278-2
- Payments to Oak Security {Hydration to Ethereum}:
- 17200 USDC, first 50% part of the fee:
- 17200 USDC, remaining 50% part of the fee:
- Buffers returned to dotPAL bounty treasury:
- Liquidation Buffer: https://polkadot.subscan.io/extrinsic/25840823-2
(Didn’t use it at all! In fact returned more DOT than the 10% Liquidation Buffer corresponding to all unused DOT, due to the positive price movement.) - Extrinsic/Bridging Fee Buffer: https://polkadot.subscan.io/extrinsic/26505698-2
(10.151 USD out of 100 USDC used, 89.849 USDC converted to DOT and returned.)
- Liquidation Buffer: https://polkadot.subscan.io/extrinsic/25840823-2