Quarkslab has conducted its first public independent audit of the official Bitcoin Core software, which is crucial for the operation of the Bitcoin network. The audit lasted for 100 days and marked the first open audit of this software on such a scale.
This is reported by Business • Media
Audit Methodology and Key Findings
The project was organized with the support of the non-profit organization Brink and coordinated by the Open Source Technology Improvement Fund (OSTIF). The audit took place from May to September 2025. Quarkslab engineers reviewed the code manually, applied static and dynamic analysis, and used advanced fuzz testing, in which automatically generated inputs are fed through various sections of the code to uncover possible errors or risks.
As a result of the audit, the specialists found no critical, high, or medium-severity vulnerabilities. Only two low-severity vulnerabilities were identified, along with thirteen other issues that, according to Bitcoin Core’s criteria, are not classified as vulnerabilities. The team paid particular attention to the P2P component of the software and attack scenarios that could affect the consensus or availability of the protocol.
“The security assessment focused on a specific area, the P2P part, and on the most impactful attack scenarios that alter consensus or availability of the protocol. No serious issues were found, but a minor gain was achieved in the use of existing fuzzing tools, as well as new ones covering untested scenarios, such as chain reorganization,” the company summarized.
Participants’ Impressions from the Audit
One of the audit participants, Robin David, noted that the audit was the result of months of hard work. He emphasized that the maturity of the code and the high security culture are strengths of Bitcoin Core, but that this also complicates an audit because of the complexity of the system itself.
The Bitcoin Core team also recently released a new version of the software, v30.0, which indicates the ongoing development and improvement of the Bitcoin network.