
Kudelski Security
TSS ECDSA CLI Secure Code Review Technical Report
Pages
27
Time to read
28 mins
Publication
Language
English

This technical report documents the TSS ECDSA CLI Secure Code Review conducted by Kudelski Security for Uniwire. The assessment took place remotely from February 6 to February 26, 2025, with the objective of evaluating the overall security posture of the client's code and identifying potential risks. The report outlines the scope of the review, which focused on specific Rust files related to the tss-ecdsa-cli project. Key findings include several vulnerabilities, such as a logical error in the small factors check and insufficient authentication in signing room access control. The report categorizes these findings by severity and provides detailed descriptions of each issue along with recommendations for remediation. It also includes observations regarding the code structure and communication during the review process. The report emphasizes that while efforts were made to identify vulnerabilities, no audit can guarantee the absence of all security issues.