Security & audit status
xPrivFi is under active development. The protocol is not yet audited by any independent third party. This page documents the current state of internal review and hardening.
The security of a Layer-1 blockchain depends on clear consensus rules, a small implementation footprint, and deterministic validation behavior. The goal of ongoing review is to keep the codebase simple enough for long-term verification and reproducibility.
Current review focus
Internal review efforts focus on the following areas:
- Consensus logic — header validation, PoW (RandomHash/iPoW), difficulty adjustment, timestamp rules, and reward schedule.
- State transitions — replay protection, balance updates, supply invariants, and prevention of negative balances.
- Mempool behavior — transaction admission, duplicate detection, and fee handling (under continued refinement).
- RPC interface — input validation, rate limiting (via tooling or external reverse proxies), and strict separation from consensus code.
- HexGrid Layer-2 — ensuring that off-chain game mechanics cannot influence or bypass L1 validation.
What is not yet reviewed
The following areas remain unaudited and may change as development progresses:
- Formal verification of RandomHash/iPoW properties.
- Independent line-by-line code audit by an external security firm.
- Advanced network modeling and adversarial simulation.
- Performance testing across large peer sets and extended runtimes.
- Side-channel resistance, DoS behavior, and miner incentive modeling.
Planned external audit
After the protocol reaches a stable release candidate, an external audit may be commissioned. No timeline or commitments are provided. Scope and priority will depend on community interest, available resources, and protocol maturity.
Until such an audit is performed, the software should be considered experimental. Users should operate nodes and participate in the ecosystem with caution.