Security Review

Public security review scope.

This page defines the review package for external reviewers. It is a request for validation, not a claim that a third-party audit is complete.

Review targets

Public routing, nginx/static deployment, wallet prompt language, CAPPS/Capsule access flow, spendability pages, public APIs, and blocked sensitive API paths.

Contracts and tokens

DRK public contract reference, wL6ETH settlement rail references, treasury route claims, liquidity proof pages, and on-chain proof links.

Threat model

Phishing, misleading wallet prompts, exposed internal APIs, false proof claims, route drift, stale sitemap, and public data leakage.

Reviewer request

What an independent reviewer should publish.

Scope: Routes, contracts, APIs, wallet prompts, deployment, and evidence pages reviewed.
Findings: Severity, reproduction steps, impact, and affected route or component.
Remediation: Fix status, retest result, and residual risk.
Publication: Public report URL or signed PDF after sensitive issues are resolved.