Quarkslab Completes First Public Security Audit of Bitcoin Core: Audit Results

Quarkslab has conducted its first independent public audit of the official Bitcoin Core software, which is crucial for the functioning of the Bitcoin network. The audit lasted one hundred days and found no serious vulnerabilities, highlighting the high quality of the code and the security culture of the project.

This is reported by Finway.

Audit Features and Key Findings

The audit was carried out by Quarkslab engineers from May to September 2025. The initiative was funded by the non-profit organization Brink and coordinated by the Open Source Technology Improvement Fund (OSTIF). The auditors used manual code analysis, static and dynamic analysis with automated tools, and extensive fuzz testing, which runs the code against automatically generated inputs to identify potential bugs or threats.

As a result of the audit, the experts found no critical, high, or medium severity vulnerabilities. Only two low-severity issues were identified, along with thirteen other deficiencies that are not classified as vulnerabilities according to Bitcoin Core’s criteria.

“The security assessment focused on a specific area, the P2P part, and on the most impactful attack scenarios that could alter the consensus or availability of the protocol. No serious issues were found, but there was a minor gain in utilizing existing fuzzing tools, as well as new ones that cover untested scenarios, such as chain reorganization,” the company summarized.

Feedback from Audit Participants and Future Development of Bitcoin Core

One of the auditors, Robin David, noted that the audit was the result of months of hard work, and that its complexity stemmed from both the maturity of the code and the demands for security.

“Months of tireless work finally paid off: our security audit of Bitcoin Core! It is both a blessing due to the maturity of the code and the security culture, and a curse because of the complexity of the task!”

During the audit, the experts also developed recommendations for further strengthening security, which will contribute to the development and resilience of the Bitcoin Core ecosystem. It is worth noting that the Bitcoin Core team recently released an updated version of the software — v30.0.