Skill Issue Dev | Dax the Dev
search
↑ github.com ← all notes

Security doc + status analysis for the SDK

Wrote up the SECURITY.md plus a “current status” analysis. The status analysis is the doc I wish more crypto SDKs shipped: an honest table of what’s audited, what’s not, and what’s “implemented but please don’t run this in production yet”.

The threat model section is short. Three lines:

  1. The SDK assumes the host machine is not compromised.
  2. The SDK does not protect against rubber-hose cryptanalysis.
  3. Anyone running this on devnet, sweet. Anyone running this with mainnet money, talk to me first.