Project Information

CATEGORY

MetaMask Snap

NETWORK

Kadena

DESCRIPTION

From Sep. 9, 2024 to Sep. 11, 2024, Kadena engaged Veridise to conduct a security assessment of the source code of what would eventually become version 1.0.2 of Kadena Snap. Specifically, the security assessment covered an update to a closed-source version of the snap that was previously reviewed by Veridise security analysts. Compared to the previous version, the new version simplifies the account management logic and introduces support for storing hardware accounts. Veridise conducted the assessment over 6 person-days, with 2 security analysts reviewing the project over 3 days. The review strategy involved a manual code review of the program source code performed by Veridise security analysts.

Following the security assessment, the Kadena Snap developers migrated the code to the open-source kadena-community/kadena.js repository on GitHub and released the snap as the npm package @kadena/snap@v1.0.2. The Veridise security analysts have confirmed that the Git commit indicated by npm’s provenance data, 16c65fe15e6727cb9a03b8a0fd46166ebb02fadb, corresponds to the code that was reviewed, except for some minor cosmetic changes to the confirmation dialog for signing transactions.

Audit Report

DURATION

6 person-days

COMPLETED

September 25, 2024

SCOPE

The scope of this security assessment is limited to the non-test code contained in the packages/snap folder of the source code provided by the Kadena Snap developers, which contains the TypeScript implementation of the Kadena Snap.

During the security assessment, the Veridise security analysts referred to the test files (which are excluded from the scope) to understand the intended behavior of the Kadena Snap.

Total Findings: 0
Mitigated: 0
Critical Severity: 0
High Severity: 0
Medium Severity: 0
Low Severity: 0
