There was recently a security audit of Turbo Tunnel software artifacts, including dnstt and Snowflake. I posted the report on the dnstt page: https://www.bamsoftware.com/software/dnstt/cure53-turbotunnel-2021.pdf
The report finds three issues that have to do with Snowflake, rated from Informational to Low.
UCB-02-001: Memory leak in Handler() routine of Snowflake client library (Low) UCB-02-008: Lack of rate limiting in Snowflake and dnstt (Info) UCB-02-009: Brokers and proxies are not authenticated (Low)
For UCB-02-001, I have already opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf....
UCB-02-008 is not a vulnerability, but only a suggestion that rate-limiting interactions may help mitigate certain kinds of resource-exhaustion attacks. Some related tickets are: "Broker needs better resilience against DoS" https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... "Make it more expensive (CPU wise, or other thing) to make the initial connection to a snowflake" https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
UCB-02-009 is something we have already discussed in the team across various issues. I don't know if we can meaningfully authenticate proxies, but the broker's messages ought to be signed and encrypted. "End-to-end confidentiality for Snowflake client registrations" https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... "Authentication for proxy--bridge connections" https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...