We take security seriously at Trust Stack Network. If you believe you have found a security vulnerability, please report it to us following these guidelines:

1. Do NOT open a public issue
2. Do NOT discuss the vulnerability in public channels
3. DO email security@tsn.network with:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact assessment
   • Suggested fix (if any)

• 24 hours: Acknowledgment of receipt
• 72 hours: Initial assessment
• 7 days: Fix development or mitigation plan
• 30 days: Coordinated disclosure (if applicable)

Critical vulnerabilities in consensus, cryptography, or network layers may be eligible for a bug bounty. Contact security@tsn.network for details.

TSN implements multiple layers of post-quantum security:

1. ML-DSA-65 (FIPS 204): Digital signatures
2. Plonky2 STARKs: Zero-knowledge proofs
3. Poseidon2: Quantum-resistant hash function

• Network: Can intercept, modify, delay, or drop messages
• Compute: Has access to quantum computers (future threat)
• Byzantine: Can control up to f < n/3 validators

1. Signature Aggregation: Not yet implemented (planned v0.2)
2. Light Client: In development (planned v0.3)
3. Formal Verification: Partial (ongoing)

See docs/security/PANIC_AUDIT_REPORT.md for ongoing security improvements.

• All unwrap() reviewed in crypto/consensus modules
• Fuzzing targets pass 1M+ iterations
• Property-based tests pass
• Adversarial scenarios tested
• Dependencies audited (cargo audit)
• No unsafe blocks in hot paths
• Timing attack review completed

• Panic rate monitoring
• Invalid transaction rate
• Network partition detection
• Consensus stall detection

• Email: security@tsn.network
• PGP Key: security@tsn.network.asc
• Emergency: +1-XXX-XXX-XXXX (24/7 hotline)

• OWASP Blockchain Security
• NIST Post-Quantum Cryptography
• CWE Top 25

Last updated: 2024