Bitcoin Core has successfully completed its first-ever independent security audit, with results indicating that the software underpinning the world’s largest decentralized network is highly robust and mature.
The audit — carried out by French security firm Quarkslab and commissioned by OSTIF on behalf of Brink — focused on Bitcoin Core’s most critical components, including the peer-to-peer (P2P) networking layer and block validation logic. The review spanned 104 days, from May to September.
Quarkslab’s report described Bitcoin Core as “the most mature and well-tested” codebase evaluated by the firm, despite its scale: more than 200,000 lines of C++ and over 1,200 existing tests.
The auditors uncovered no high- or medium-severity vulnerabilities, reporting only two low-severity issues and several recommendations for improving fuzzing harnesses and test coverage. None of the findings affected consensus rules, denial-of-service resistance, or transaction validation.

Reviewers find no exploitable bugs
The audit placed significant focus on Bitcoin’s P2P networking layer — the system that relays blocks and transactions and handles peer discovery across roughly 125 connections per node. Reviewers found no cases in which malicious data could bypass validation or evade the ban mechanism designed to isolate misbehaving peers.
The team also reviewed mempool behavior, chain-state transitions and chain reorganization handling — all areas where subtle bugs could cause network-wide disruption. No exploitable vulnerabilities were found in these components either.
“No significant security issues were identified. Most recommendations focus on refining existing fuzzing harnesses to further improve their effectiveness and coverage,” the report concluded.

Bitcoin Core vs. Knots debate
The audit arrives amid a simmering dispute between supporters of Bitcoin Core and Bitcoin Knots. Sparked by the Bitcoin Core v30 update, the debate centers on whether non-financial data should be permitted on the blockchain, with critics warning that recent changes could “open the floodgate” to spam.
Knots proponents argue that filtering such data is necessary to prevent illegal or unethical material from being embedded on-chain. Bitcoin Core developers counter that imposing filters would fragment the network, confuse users and contradict Bitcoin’s foundational principles of neutrality and openness.
Galaxy Digital head of research Alex Thorn noted that most institutional Bitcoin investors appear largely unaffected by the controversy. In a poll of 25 institutional clients, 46% said they were unaware of the dispute, 36% said they didn’t care, and the remaining 18% sided with Bitcoin Core.

