Sequential PoW dependency chains, memory-hard mining, consensus-enforced integer arithmetic, layered bond deterrence, entropy-derived audits, and dual-gate emergency authorization. Security is structural, not promised.
Each ConvergenceX attempt requires 4 GB RAM and 100,000 sequential rounds. Even an attacker with unlimited CPUs cannot speed up a single attempt — parallelism only adds more independent attempts.
| Property | Value |
|---|---|
| RAM per attempt | 4 GB (scratchpad) |
| Rounds per attempt | 100,000 (strictly sequential) |
| Intra-attempt parallelism | Eliminated by state dependency |
| Inter-attempt parallelism | Multiple cores = multiple independent attempts |
| ASIC advantage estimate | Low multiples over modern CPUs |
| Difficulty adjustment | ASERT per-block, stable regardless of hashrate |
The bond does not make fraud impossible — it makes it costly. Four layers of deterrence combine to make large-scale systematic fraud economically irrational.
Up to 30% of gold value locked as SOST bond. Immediate financial cost on slash. Bond is fully lost and redistributed to PoPC Pool and Gold Vault.
Permanent record. Stars reset to zero. Future contracts blocked at all levels. Rebuilding reputation requires starting from scratch with 0.5 oz limits.
Known fraudulent wallets excluded at the application layer. This is not consensus and does not affect the base chain — it is PoPC policy enforcement.
New users (0 stars) can only commit 0.5 oz maximum. Large commitments require proven track record (5 stars = max 10 oz). Slow unlock prevents mass fraud.
| Property | Analysis |
|---|---|
| Audit source | ConvergenceX block entropy triple (block_id, commit, checkpoints_root) |
| Predictability | None — depends on 100K-round PoW that hasn't occurred |
| Influence | No party can predict or influence the schedule |
| Post-audit fraud window | Next random audit within the period (5-30% probability) |
| Detection cost | Full bond slash |
| Continuous custody | Historical balance sampling at deterministic checkpoints |
| Property | Analysis |
|---|---|
| Consensus oracle dependency | None — all consensus uses chain-internal data only |
| Bond price source | 7-day TWAP of CEX prices (resistant to single-block manipulation) |
| Price data role | Advisory for PoPC bond sizing, not consensus-critical |
| User consent | Required — user signs exact bond terms before submission |
| Malicious bulletin | Users simply refuse to sign — no funds at risk |
The asymmetric cASERT policy prevents attackers from exploiting difficulty relaxation.
| Scenario | Signal | cASERT Response |
|---|---|---|
| Attacker with high hashrate | Chain fast (negative signal) | NORMAL mode — no relaxation |
| Genuine hashrate drop | Chain slow (positive signal) | Relaxed stability — liveness preserved |
| Attacker benefit | None — stability requirements remain at maximum | |
Relaxed stability is only available when the chain needs help (hashrate dropped), never when an attacker is dominating. This is the correct security trade-off.
| Scenario | Response |
|---|---|
| Critical bug | Foundation pauses new PoPC contracts. Existing contracts continue unaffected. |
| Exchange hack | Gold Vault is a cold wallet with no exchange connection. Independent and safe. |
| XAUT/PAXG issuer risk | Emergency Catastrophe: rotate (E1) or liquidate-buy-redistribute (E2). Requires dual gate. |
| Issuer risk (future only) | Foundation redirects future purchases without consensus. Existing assets sealed. |
| Chain death (90 days) | Dead-man switch. 60-day dissolution notice. Reserve stays Heritage if no prior emergency. |
| Practice | Detail |
|---|---|
| Institutional keys | Offline (cold), never on public nodes |
| Public nodes | Low-balance hot wallets, no reserve keys |
| Address rotation | Published with full traceability and proofs |
| Wallet encryption | AES-256-GCM + scrypt (N=32768, r=8, p=1) |
| Component | Status |
|---|---|
| Transaction signing (libsecp256k1) | Complete |
| Consensus validation (R1-R14, S1-S12, CB1-CB10) | Complete |
| ASERT + cASERT difficulty (L1-L5, k=4) | Complete |
| Mempool validation and relay | Complete |
| Transaction confirmation in blocks | Complete |
| RPC authentication (--rpc-user/--rpc-pass) | Complete |
| Coinbase maturity filter (1000 blocks) | Complete |
| Dynamic fee calculation (CLI v1.3) | Complete |
| Wallet encryption (AES-256-GCM + scrypt) | Complete |
| P2P DoS protection (ban scoring, peer limits) | Complete |
| Checkpoints + reorg limit (100 blocks) | Complete |
| P2P encryption | Post-launch |
Do not open a public issue for security vulnerabilities. Use GitHub's private vulnerability reporting.
| Channel | URL |
|---|---|
| Private vulnerability report | github.com/Neob1844/sost-core/security/advisories/new |
| General issues | github.com/Neob1844/sost-core/issues |
| In Scope | Out of Scope |
|---|---|
| Consensus rule bypass | Social engineering |
| Private key exposure | Attacks requiring physical access |
| Remote code execution | Third-party dependencies (report upstream) |
| P2P protocol exploits | Denial of service via network flooding |
| RPC authentication bypass | Explorer HTML (client-side only) |
| Wallet encryption weakness |