Resources

Security Model

Security assumptions, audit status, known limitations, and responsible disclosure for Permissionless Technologies SDKs.

Tech Preview

All Permissionless Technologies SDKs are currently in tech preview on testnets. None have been security audited. Do not use with real funds or in production.

Security Model

Current Status

ComponentNetworkAuditStatus
UPP ContractsSepoliaNoneTech Preview
UPP SDKnpm (private)NoneAlpha
UPC ContractsSepoliaNoneTech Preview
UPC SDKnpmNoneAlpha
UPD ContractsSepoliaNoneTech Preview
UPD SDKnpm (private)NoneAlpha

Cryptographic Assumptions

UPP (SNARK mode)

AssumptionPrimitiveImpact if Broken
Discrete log hardBabyJubJubSpending keys compromised
Collision resistancePoseidonNote forgery
Proof soundnessGroth16/BN254Invalid transactions accepted
Encryption securityAES-256-GCMNote contents exposed
Trusted setup integrityPowers of TauProof forgery (undetectable)

UPP (STARK mode)

AssumptionPrimitiveImpact if Broken
Collision resistanceKeccak-256Proof forgery
Hash preimage resistanceKeccak-256Key extraction

The STARK mode has no trusted setup requirement and is secure against quantum computers (see Post-Quantum Analysis).

UPC

AssumptionPrimitiveImpact if Broken
Discrete log hardBLS12-381Proof forgery
Collision resistancePoseidon-BLS12-381Tree manipulation
Universal setup integrityPowers of TauProof forgery

UPD

AssumptionPrimitiveImpact if Broken
Oracle accuracyChainlink + Uniswap V3Incorrect mint/burn price
stETH pegLidoCollateral devaluation
Contract correctnessSolidity 0.8.29Fund loss

Trust Assumptions

ComponentTrust RequiredWhat Happens Without It
Smart contractsCode correctnessFund safety
ASP operatorsHonest list maintenanceCompliance accuracy
Price oracleAccurate price feedIncorrect UPD valuation
FrontendNo key loggingKey exposure

What We Don't Trust

  • Observers: Cannot see transaction details (ZK proofs hide contents)
  • Miners/validators: Cannot censor specific users by identity
  • Other pool users: Cannot steal or forge notes

Known Limitations

UPP Privacy Limitations

  • Metadata leakage: Transaction timing, gas costs, and shield/unshield amounts are visible
  • Anonymity set: Privacy improves with more users — small pools offer less privacy
  • Timing analysis: Quick shield→unshield cycles may be linkable

UPP Functional Limitations

  • Proof generation time: 10-30 seconds per SNARK proof (browser WASM)
  • Scanning time: Must scan the entire event history to find your notes
  • No ETH support: ETH needs ERC20 wrapping first

UPC Limitations

  • Root TTL: Proofs against expired roots are rejected — ASPs must publish regularly
  • No revocation within TTL: Once a root is published, it's valid for its entire TTL
  • ASP quality: UPC verifies proof validity, not the quality of an ASP's compliance checks

UPD Limitations

  • Oracle dependency: Incorrect price feed leads to incorrect mint/burn ratios
  • stETH depeg risk: Severe stETH devaluation could undercollateralize the system
  • sUPD liquidity risk: Unstaking may be blocked at 100% collateral utilization

Audit Plan

Planned Audits (Before Mainnet)

ScopeTarget AuditorsTimeline
UPP smart contractsTBDBefore mainnet
UPP ZK circuitsTBDBefore mainnet
UPC smart contractsTBDBefore mainnet
UPD smart contractsTBDBefore mainnet
Cryptographic reviewTBDBefore mainnet

Previous Reviews

None — tech preview stage.

Responsible Disclosure

If you discover a security vulnerability:

  1. Do not publicly disclose until a fix is available
  2. Do not exploit the vulnerability
  3. Contact us via Telegram or email
  4. Include detailed reproduction steps and impact assessment
  5. Allow reasonable time for investigation and fix

We will acknowledge valid reports and credit researchers in our security advisories.

Operational Security for Integrators

When integrating UPP:

  • Always use the latest SDK version
  • Validate all user inputs before passing to SDK
  • Handle proof generation failures gracefully
  • Never log or persist viewing keys or spending keys
  • Test on testnet before mainnet deployment
  • Monitor for unusual withdrawal patterns

When operating a UPC ASP:

  • Use a production-grade database (not in-memory storage)
  • Monitor for unexpected membership changes
  • Set alerts for root publish failures
  • Backup your operator key
  • Rate-limit the proof generation API

When integrating UPD:

  • Verify the oracle address is the canonical deployment
  • Check collateralization ratio before large mints
  • Implement slippage protection (minUpdOut, minStEthOut)
  • Monitor the system health endpoint

Disclaimer

UPP, UPC, and UPD are experimental software. The developers make no warranty of any kind. Users and integrators are responsible for assessing risks appropriate to their use case. Nothing in this documentation constitutes financial, legal, or regulatory advice.

Comparisons

How Permissionless Technologies SDKs compare to existing solutions — Privacy Pools, Railgun, Tornado Cash, and major stablecoins.

On this page

Security ModelCurrent StatusCryptographic AssumptionsUPP (SNARK mode)UPP (STARK mode)UPCUPDTrust AssumptionsWhat We Don't TrustKnown LimitationsUPP Privacy LimitationsUPP Functional LimitationsUPC LimitationsUPD LimitationsAudit PlanPlanned Audits (Before Mainnet)Previous ReviewsResponsible DisclosureOperational Security for IntegratorsDisclaimer