Audits
No published audit attached
This repository does not currently ship a third-party cryptographic audit report. Treat all cryptographic code in wallet-unit-poc/ as research-grade and unsuitable for production deployments without independent review.
When an audit completes, this page will be updated with:
- the vendor and report URL or PDF;
- the commit hash audited;
- a short summary of scope, findings, and remediation status.
Reporting a vulnerability
The coordinated disclosure procedure is in SECURITY.md. The short version: email security@pse.dev and do not open a public issue.
Self-review and CI coverage
In lieu of an external audit, the following internal coverage exists:
- End-to-end Vitest suite (wallet-unit-poc/openac-sdk/tests/e2e.test.ts): exercises ES256 issuance, SD-JWT parsing, predicate composition, prove, reblind, and verify across the WASM bridge.
- Circom test suite (wallet-unit-poc/circom/tests/): per-template constraint coverage, including predicate evaluation and ECDSA verification gadgets.
- Rust prover/verifier integration tests (wallet-unit-poc/ecdsa-spartan2/tests/).
- CI workflows (.github/workflows/): each of the above runs on pull requests against main.
Track audit coordination via the zkID 2026 roadmap.