security_review/audit/topics/wallet_recovery_custody_boundary.md

# SpaceCash Security Review Topic: wallet_recovery_custody_boundary

- Severity if failed: `high`
- Status: `not_reviewed`
- Reviewer:
- Reviewed at:

## Required Questions

- [ ] Does the published wallet policy accurately describe encrypted backup, address versioning, recovery gaps, and custody limits?
- [ ] Can private keys leak through server routes, logs, release bundles, or candidate artifacts by default?
- [ ] Are lost-key and compromised-key procedures adequate before production use?

## Expected Controls

- wallet_policy_hash
- encrypted backup envelope
- no default private key bundle
- manual custody gate

## Evidence Collected

- Source files reviewed:
- Commands/tests run:
- Artifacts reviewed:

## Findings

- None recorded yet.

## Closure Notes

- Decision: `not_reviewed`
- Notes: