A running record of the internal review performed while building Phase 1. This
is not a substitute for an independent third-party audit (see
COMPLIANCE.md residual items) — it documents what was checked, what was found,
and how it was resolved.
- Every Anchor program is compile-checked (`cargo check --workspace`).
- Every TS module has `node:test` coverage; the SDK has zero runtime deps.
- The Xahau hook is compiled to `wasm32` and its state layout/key derivation is asserted to match the SDK byte-for-byte.
- Fund-safety paths in `poi-escrow` were reviewed line-by-line for: missing authorization, double-spend, re-entrancy, griefing/DoS, and arithmetic safety.
`fulfill`/`slash`/`expire` transferred the recorded `bond.amount`, then closed
the vault. The vault is a public SPL account, so anyone could donate 1 token
unit into it; the residual balance would make `close_account` revert, locking
every resolution path and trapping the bond forever.
Fix: drain the vault's actual balance (`vault.amount`) on every payout/return,
guaranteeing a zero balance before close. `programs/poi-escrow/src/lib.rs`.
`XahauJsonRpcReader` built a `ledger_entry { hook_state }` request without
`namespace_id`, which Xahau requires for namespaced hook state. Live reputation
reads would have returned nothing.
Fix: `XahauJsonRpcReader` now takes a validated 32-byte `namespaceId`
(default all-zero) and includes it in the request. `packages/sdk/src/resolver.ts`.
`packages/sdk/package.json` listed `README.md` in `files` but none existed —
`npm publish` would have shipped a broken package page. Added
`packages/sdk/README.md`.
- Escrow authorization. `fulfill`/`slash` require the bond's recorded `verifier` to sign (`has_one = verifier`); `expire` is permissionless but can only send funds to the constrained `broadcaster_ata`. No theft vector.
- Double-resolution. After a terminal state the vault is closed and `state != Open`, so a second call fails account validation and the `NotOpen` guard.
- Gossip fee path. `broadcast_intent` validates `treasury == config.treasury` before the SOL transfer; the USDC bond is never touched on this layer.
- Hook ↔ SDK parity. Key = `SHA-512Half(DID)`; record = 32-byte BE `score|fulfilled|failed|lastActive`; `lastActive` stored as unix seconds on both sides. Asserted by `resolver.test.js`.
- Relay back-pressure. Inbound is validated, de-duplicated by `intentHash`, TTL-evicted, and bounded by `maxIntents`; sender is never echoed.
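The relay back-pressure rules above (validate inbound, de-duplicate by `intentHash`, TTL-evict, cap at `maxIntents`, never echo the sender) as a small self-contained pool. This is an added illustration, not the project's relay code; the intent shape (`intentHash` + `payload`), the 1024-byte payload cap, the result `reason` strings and the injectable clock are assumptions made for the example.

```javascript
// Added example (not the project's relay): a bounded intent pool implementing
// the back-pressure rules from the review log. Intent shape, payload cap and
// reason strings are assumptions for illustration.
const INTENT_HASH_RE = /^[0-9a-f]{64}$/; // assumed: 32-byte lowercase hex digest
const MAX_PAYLOAD_BYTES = 1024;           // assumed cap to bound memory per intent

class IntentPool {
  constructor({ maxIntents, ttlMs, now = () => Date.now() }) {
    this.maxIntents = maxIntents;
    this.ttlMs = ttlMs;
    this.now = now;                 // injectable clock so TTL eviction is testable
    this.intents = new Map();       // intentHash -> { intent, sender, seenAt }
  }

  get size() { return this.intents.size; }

  // Validate, de-duplicate and admit an inbound intent. Eviction runs first so a
  // full pool can recover capacity from expired entries before rejecting.
  accept(inbound, sender) {
    this.evictExpired();
    const { intentHash, payload } = inbound ?? {};
    if (typeof intentHash !== 'string' || !INTENT_HASH_RE.test(intentHash)) {
      return { accepted: false, reason: 'invalid-hash' };
    }
    if (typeof payload !== 'string' || payload.length === 0 ||
        Buffer.byteLength(payload, 'utf8') > MAX_PAYLOAD_BYTES) {
      return { accepted: false, reason: 'invalid-payload' };
    }
    if (this.intents.has(intentHash)) return { accepted: false, reason: 'duplicate' };
    if (this.intents.size >= this.maxIntents) return { accepted: false, reason: 'full' };
    this.intents.set(intentHash, {
      intent: { intentHash, payload },   // only these two fields are ever forwarded
      sender,                            // kept internally, never placed in the message
      seenAt: this.now(),
    });
    return { accepted: true, reason: 'ok' };
  }

  // Drop every entry older than ttlMs.
  evictExpired() {
    const cutoff = this.now() - this.ttlMs;
    for (const [hash, entry] of this.intents) {
      if (entry.seenAt < cutoff) this.intents.delete(hash);
    }
  }

  // Fan-out plan for a stored intent: the originating sender is excluded from
  // the recipient list and the forwarded message carries no sender field.
  forward(intentHash, peers) {
    const entry = this.intents.get(intentHash);
    if (!entry) return null;
    return {
      recipients: peers.filter((p) => p !== entry.sender),
      message: { ...entry.intent },
    };
  }
}

module.exports = { IntentPool, INTENT_HASH_RE, MAX_PAYLOAD_BYTES };
```

The pool is intentionally strict: a malformed hash or an empty/oversized payload is dropped before any map lookup, so an unauthenticated peer cannot consume memory with garbage, and the `full` path means the cap is hard rather than best-effort.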
- Reputation magnitude. `decodeReputation` reads `u64` fields into JS numbers; values above 2^53 lose precision. Reputation scores are small by construction; revisit with BigInt if score ceilings grow.
- Bond account rent. Terminal bonds keep their `Bond` record (≈0.002 SOL rent locked) as an on-chain audit trail; only the vault rent is reclaimed. Closing the record is a future option if rent reclamation is preferred over the trail.
- Hook loop guards. `did_hook.c` uses a small zeroing loop; the production `hook-cleaner` toolchain injects the required `_g()` guards at build.
Independent contract audit · ZK circuit formal verification · on-validator
`anchor test` · legal/regulatory review · live testnet round-trip.