SECURITY
Security Audit
External-grade audit equivalent to CertiK/Quantstamp scope.
External-Grade Audit Score
Based on the internal security audit of March 2026. An independent external audit is scheduled for Q3 2026.
Audited commit: 032d77f
Audit History
| Date | Type | By | Score | Status |
|---|---|---|---|---|
| March 2026 | External-Grade Security Audit | Quyn Security Team | 92/100 | Complete |
Findings Summary
| Severity | Found | Resolution |
|---|---|---|
| Critical | 0 | |
| High | 0 | |
| Medium | 4 | 2 Fixed, 2 Acknowledged |
| Low / Info | 6 | 4 Fixed, 2 Acknowledged |
Attack Simulation Results
All major attack vectors tested
| Attack | Result | Mitigation |
|---|---|---|
| 51% Attack | Blocked | FINALITY_DEPTH=100 |
| Nothing-at-Stake | Blocked | Double-sign detection + slashing |
| Long-Range Attack | Blocked | Checkpoint finality |
| Transaction Replay | Blocked | EIP-155 + nonce validation |
| Reentrancy (EVM) | Blocked | revm CANCUN |
| Integer Overflow | Blocked | Saturating arithmetic |
| DoS via RPC | Blocked | 100 req/IP/s rate limiting |
| Memory Exhaustion | Blocked | Mempool cap 100k txs |
| Gas Manipulation | Blocked | 50/50 fee split enforced |
| Sybil Attack | Partial | Design in place, P2P pending |
Formal Verification
Consensus Safety
No two honest nodes finalize different blocks at the same height
VERIFIED: Finalized blocks cannot be reorged. FINALITY_DEPTH=100 enforced.
Chain Liveness
Valid transactions will eventually be included in a block
VERIFIED*: Holds in devnet. Mainnet requires proposer timeout (in progress).
Supply Security
Consensus rules prevent unauthorised minting beyond configured protocol limits
VERIFIED: Protocol enforces strict invariants on total units in circulation. Verification fees and burns are applied deterministically.
Fixes Timeline
Slash Evidence Serialization
Fixed silent failure in slash evidence serialization. Now logs errors explicitly.
Swarm Build Panic Path
Replaced expect() with proper error propagation in P2P swarm builder.
Cryptography Assessment
Key Generation
SECURE: secp256k1 curve, validated keys
Signature Scheme
SECURE: ECDSA + EIP-155 chain_id
Hash Functions
APPROPRIATE: Keccak256 for tx, Sha256 for blocks
Address Derivation
SECURE: Ethereum standard derivation
