Keyring Network

Introduction

Keyring delivers a zero-knowledge compliance layer that lets on-chain applications keep full liquidity while enforcing KYC/AML-style policies.

Its Core V2 upgrade refactors credential creation, fee collection, and RSA signature verification for faster gas and simpler policy management.

Why Did They Need an Audit?

Core V2 controls how credentials are minted, how keys are managed, and how RSA proofs are verified. Any arithmetic or cryptographic slip-up could grant unlimited-duration credentials or allow forged proofs, breaking the entire compliance model. Three Sigma performed a four-day deep dive ahead of main-net deployment.

Results and Findings

Key Critical Issue

Credential fields can be manipulated via silent down-casts

• Description: createCredential() down-casts policyId, epoch, epochExp, and cost before they enter the RSA-signed message. A signer uses the smaller values, but a caller can pass the same lower bits plus malicious high bits, inflating expiry to uint64 range or setting epoch far in the future.
• Resolution: All casts now go through OpenZeppelin’s SafeCast, and a per-signature nonce is planned for Core V3. Patch shipped in commit af37b1d.

Notable Medium-Severity Issues

1. RSA key size hard-coded to 1024 bits
   • Description: Modern attacks have broken keys under 829 bits; 1024 bits gives minimal margin. Original library recommends 2048 bits.
   • Recommendation: Double modulus length to 2048 bits.
   • Status: Implemented in commit 02b0fa2.
2. Modified pkcs1Sha256() weakened signature sanity checks
   • Description: A refactor removed the explicit 0x00,0x01 header check, allowing malformed paddings like 0x01,0x01 to slip through. Also, an unreachable branch referenced the wrong digest length (111 vs 17).
   • Recommendation: Restore original optimized assembly.
   • Status: Fixed in the same patch 02b0fa2.

Notable Low-Severity Issues

1. Hard-coded 2300-gas transfer() in collectFees()
   • Risk: May break with smart-contract wallets or future gas schedule changes.
   • Fix: Switched to Address.sendValue() (commit ffe8b11).
2. Missing events for admin changes
   • Fix: AdminSet events added in constructor and setAdmin() (commit ffe8b11).
3. Single-step admin transfer
   • Recommendation: Migrate to a two-step “pending admin / accept” flow akin to Ownable2Step.
   • Status: Acknowledged for roadmap.

In conclusion

Over a four-day sprint, Three Sigma reviewed 422 lines of delta code in Keyring Core V2. The audit surfaced a critical cast-padding vulnerability and two medium-severity cryptography flaws, all of which are already patched. With additional gas-safety tweaks, admin-event logging, and style improvements, Core V2 now ships with hardened credential lifecycles and a 2048-bit RSA verification path. Remaining governance enhancements (two-step admin) are queued for the next release, positioning Keyring for a safer main-net rollout.