What type of security audits has Monero received?
Since this question already addressed cryptographic review of the Monero protocol, I am primarily interested in Monero source code and implementation audits. If audits have taken place have results been published in a manner similar to this?
As well as the informal review of CryptoNote provided to the Monero team by SURAE NOETHER here, the source code is available on monero-project's github here.
These slides also review the protocol. A possibly important note from those slides about the spec that isn't found anywhere else is given after slide 28, saying:
apparently 2 bad random r in monero same user, make the attacker who has 2 view keys v also, able to compute a linear relation between their e keys used to spend... nc, 07/10/2016
Edit: I think I know the relation nicolas is referring to -- if we simplify the stealth formula to A + H(S_1)G, A + H(S_2)G, so the private keys are
a + H(S_1) and a + H(S_2), the linear relation between the spend keys is equal to the linear relation between the public keys. something not mentioned is that this also would mean the master spend key can be computed from any leaked spendkey. So don't share your spendkeys, even after use!
Also this paper deanonymising rings with small size: monerolink, and this one tooo: A Traceability Analysis of Monero’s Blockchain. Community response to the monerolink paper can be found here.
As far as I'm aware, there were no "formal" reviews, as in an outside third party is hired for the purpose, and publishes a review document.
The Cryptonote whitepaper was reviewed by a cryptographer, and an informal review is available (https://downloads.getmonero.org/whitepaper_review.pdf).
Some of the code was kinda reviewed by way of being forked and maintained by the new Monero developers, and some bugs fixed, but that's probably not quite what you're after.
