security_review/audit/topics/consensus_spec_integrity.md

# SpaceCash Security Review Topic: consensus_spec_integrity

- Severity if failed: `high`
- Status: `not_reviewed`
- Reviewer:
- Reviewed at:

## Required Questions

- [ ] Does the published consensus spec accurately describe runtime fork-choice, producer, checkpoint, and sync behavior?
- [ ] Can a release bundle be reviewed against the same consensus spec hash exposed by the node API?

## Expected Controls

- consensus_spec_hash
- release manifest check
- bundle consensus_spec.json
- daemon /consensus/spec

## Evidence Collected

- Source files reviewed:
- Commands/tests run:
- Artifacts reviewed:

## Findings

- None recorded yet.

## Closure Notes

- Decision: `not_reviewed`
- Notes: