| Copying comment from previous thread: Systemic issues: * Creds scattered throughout source code, including DB / AWS creds, "fixed" by removing but still present in git history * Numerous crypto vulns: nonces / AES-ECB * What's even the point of blockchain, it just makes everything worse Selected quotes: "Trail of Bits was only provided a backend for live testing on the second-to-last scheduled day of the assessment" "The system is unusually complex, with an order-of-magnitude more custom code than similar mobile voting systems we have assessed." "Voatz's voting processes are error prone and manual, relying on manual verification of voter identity and long-term storage of this identity on Voatz's premises" "E2E-V systems allow voters to cast encrypted ballots such that ballot counts are verifiable to anyone, but individual voters’ preferences are not revealed. ... Voatz is not E2E-V." "Storing voting data on a blockchain maintains an auditable record to prevent fraud, but this comes at the expense of both privacy and increased attack surface. Clients do not connect directly to the blockchain themselves, and are therefore unable to independently verify that their votes were properly recorded. Anyone with administrative access to the Voatz backend servers will have enough information to fully reconstruct the entire election, deanonymize votes, deny votes, alter votes, and invalidate audit trails." |