security_review/security_review_evidence_workbench.json
5263 bytes
{
"artifacts": [
{
"exists": true,
"path": "docs/spacecash/SECURITY_AUDIT_SCOPE.md",
"sha256": "3BC3CAF657A57C49229933301BDD1FC9C2133A78F89BF4DF9D7E067478B0D8D3"
},
{
"exists": true,
"path": "docs/spacecash/THREAT_MODEL.md",
"sha256": "AFD89190A4C0B763387E6358A242BBC047E2032568B64D6B792FD8715F77A46A"
},
{
"exists": true,
"path": "docs/spacecash/MAINNET_GATE.md",
"sha256": "C41DAD804A8461829733E15722B1939123E3E4F3D4BC18E2080D5E397C0DEAB0"
}
],
"auditor": {
"contact": "",
"firm": "",
"independence_statement": "",
"name": "",
"signed_scope_path": "audit/scope/signed_scope_template.md",
"signed_scope_sha256": ""
},
"chain_id": "spacecash-devnet-1",
"closure": {
"accepted_risks": [],
"approved_for_release": false,
"auditor_statement": "Use audit/closure/auditor_closure_template.md for the final closure statement.",
"closed_at": "",
"status": "not_started"
},
"findings": [
{
"accepted_risk_justification": "",
"closure_evidence": "audit/findings/SCAUD-001-template.md",
"component": "",
"id": "SCAUD-001",
"remediation": "",
"severity": "high",
"status": "open",
"summary": ""
}
],
"manual_gate": {
"id": "external_security_review_complete",
"reason": "External auditor findings, remediation evidence, accepted-risk record, and final closure are required.",
"status": "not_complete"
},
"mode": "spacecash-external-security-review-evidence-v1",
"protocol_hashes": {
"consensus_spec_hash": "02FC7BE0A5DDE8D5D95EDA14BD8D1F195BB680D1D853123ABD89F8BBDAF85E5B",
"genesis_allocation_hash": "131ED3AD0536152AB3D6590D7804DCF614206617DEAE41D238905913E36944E1",
"genesis_plan_hash": "55D62969DFEE8460989A8A36D59F37D78CFB8BAF48DE44BF7B991FE61DFEEC27",
"monetary_policy_hash": "5C4C51D443B91EF950B0E3FCC2A653F14C650E2316CACF2D93740CE180496B64",
"wallet_policy_hash": "239750DE7AC4374A298EED8124925E8193B8D16FA966E0D6FBB256B873F422C8"
},
"remediation": {
"all_critical_high_closed": false,
"evidence_paths": [
"audit/findings/SCAUD-001-template.md"
],
"notes": "",
"reviewed_remediation_hash": ""
},
"reviewed_source_hash": "EDBB518F077F0B26281B2FB653E456AEDB268EC022522B021A57ACEB62ED45C6",
"scope": {
"topics": [
{
"evidence": "audit/topics/signature_payload_binding.md",
"id": "signature_payload_binding",
"notes": "",
"reviewer": "",
"severity_if_failed": "critical",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/nonce_and_mempool_replay.md",
"id": "nonce_and_mempool_replay",
"notes": "",
"reviewer": "",
"severity_if_failed": "critical",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/ledger_supply_and_blocks.md",
"id": "ledger_supply_and_blocks",
"notes": "",
"reviewer": "",
"severity_if_failed": "critical",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/snapshot_sync_import.md",
"id": "snapshot_sync_import",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/consensus_spec_integrity.md",
"id": "consensus_spec_integrity",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/monetary_policy_integrity.md",
"id": "monetary_policy_integrity",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/genesis_allocation_boundary.md",
"id": "genesis_allocation_boundary",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/genesis_allocation_schema.md",
"id": "genesis_allocation_schema",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/wallet_recovery_custody_boundary.md",
"id": "wallet_recovery_custody_boundary",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/checkpoint_quorum.md",
"id": "checkpoint_quorum",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
},
{
"evidence": "audit/topics/daemon_exposure.md",
"id": "daemon_exposure",
"notes": "",
"reviewer": "",
"severity_if_failed": "high",
"status": "not_reviewed"
}
]
},
"security_packet_sha256": "",
"status": "not_started",
"version": 1
}