security_review/ATTACK_SURFACE.md

# SpaceCash Attack Surface

## Cryptography And Wallets

- P-256 signature verification over canonical JSON.
- Address derivation from canonical public JWK.
- Signed payload fields: `chain_id`, version, action, sender, amount, nonce.
- Browser encrypted wallet backup envelope.
- Versioned wallet recovery/custody policy and wallet policy hash.

## Ledger And Mempool

- Fixed-supply monetary policy and monetary policy hash.
- Devnet-to-mainnet genesis/allocation plan and plan hash.
- Genesis allocation schema, allocation hash, and verifier.
- Balance accounting and total supply invariant.
- Per-address nonce table and pending mempool uniqueness.
- Transaction inclusion proofs and block Merkle roots.
- Product-payment receipt generation and status updates.

## Blocks And Node Sync

- Versioned devnet consensus specification and consensus spec hash.
- Versioned blocks, producer ids, producer seals, and producer allowlist.
- Chain snapshots with wallet public keys.
- Append-only fork-choice, sync previews, guarded imports, backup/rollback.
- Peer registry, bootstrap peers, gossip discovery, and peer checks.

## Validator Checkpoints

- Validator wallet registration.
- Checkpoint payload binding to chain id, height, block hash, and chain digest.
- Quorum evaluation and vote audit.

## Deployment Boundary

- Daemon HTTP routes currently assume local/devnet deployment.
- Authentication, CORS, rate limits, TLS, logging, monitoring, and abuse handling remain production blockers.