KuberCoin Docs

Audit Scope

Security audit scope, critical paths, and supporting materials.

Executive summary

This page outlines the trust-critical surface prepared for an external security audit. It focuses on the code paths that can affect consensus, user funds, cryptographic correctness, and public network behaviour.

Critical path

  • Consensus rules - core/consensus/src/
  • Transaction validation - crypto/tx/src/
  • Script interpreter - crypto/tx/src/script_interpreter.rs
  • Proof-of-work - core/consensus/src/pow.rs
  • Difficulty adjustment - core/consensus/src/difficulty.rs
  • Key management - crypto/tx/src/wallet_crypto.rs
  • HD wallet derivation - crypto/tx/src/hd_wallet.rs

High priority

  • P2P message parsing
  • Block and transaction deserialization
  • Mempool logic
  • Storage layer
  • RPC authentication and rate limiting

Experimental

  • Lightning Network
  • Pedersen commitments
  • Range proofs
  • EIP-155 signing
  • Silent Payments

Out of scope

  • Web frontends and browser extensions
  • DevOps infrastructure and CI/CD workflows
  • Documentation and marketing materials

Existing security controls

  • cargo audit and cargo deny check run in CI.
  • cargo clippy and workspace tests enforce the Rust baseline.
  • Fuzzing covers consensus, transport, wallet, and RPC paths.
  • CodeQL and OpenSSF Scorecard are part of the public security pipeline.

Known limitations

  • No external audit yet.
  • Lightning and EVM bridge features remain experimental.
  • Formal verification has not started.

Supporting materials

Audit tracker

  • External audit engagement - pending
  • Code remediation - pending
  • Public provenance - pending
  • Follow-up verification - pending

Contact

  • Security reports: connect@kuber-coin.com
  • Repository: open.kuber-coin.com
  • Acknowledgment SLA: 48 hours
  • Follow-up SLA: 7 business days