Security
Audits, in the open.
Every contract and circuit Hvisk runs goes through an independent audit before it touches mainnet. Reports are published here in full.
Schedule.
| Scope | Firm | Date | Status |
|---|---|---|---|
| HviskPrivacyPool · v0.1 | OtterSec | Scheduled · Q3 2026 | Pending |
| Groth16 prover circuits | Zellic | Scheduled · Q3 2026 | Pending |
| SMS gateway · Ed25519 verifier | Trail of Bits | Scheduled · Q4 2026 | Pending |
| x402 facilitator · Settlement logic | Halborn | Scheduled · Q4 2026 | Pending |
Process.
Code is frozen at a release candidate. The audit firm receives the full repository and a threat model document. Findings are categorised by severity (Critical, High, Medium, Low, Informational). We respond to each finding in writing; remediations are reviewed in a second pass before publication.
Trust assumptions.
We assume the underlying cryptographic primitives are sound, the Solana runtime executes as specified, and the BN254 trusted setup performed by the Solana ZK community is honest. We do not assume the SMS carrier, the relayer, or any centralised party is trustworthy.