- Authentication: Simulated (localStorage/mock); not production-ready
- State: In-memory only; no persistent storage
- Canister Boundaries: Business logic isolated in Motoko canisters
- Frontend: No sensitive data exposed; only
NEXT_PUBLIC_*env vars used - Testing: Automated and manual tests for core flows
- Production Authentication: Integration with Internet Identity or equivalent
- Audit: Third-party security audit planned for post-MVP
- Persistent Storage: Secure, auditable state management
- Governance: On-chain proposal and voting security
- 🚨 CRITICAL: No formal audit completed as of October 2025.
- 🚨 CRITICAL: Smart contracts are UNAUDITED and NOT SAFE for production use.
- 🚨 CRITICAL: No funds should be deposited until professional audit completion.
- All code is open source and available for community review.
- Security issues can be reported via GitHub Issues.
- REQUIRED: Engage reputable auditors (Trail of Bits, OpenZeppelin, CertiK) before any production deployment.
For updates, see this file and project announcements.