VIII. Threats, Protections & Assumptions

Security Model

  • Unlinkability: Withdrawals are cryptographically unlinkable from deposits

  • Non-custodial: Users retain full control over funds at all times

  • Double-spend protection: Nullifiers are unique and cannot be reused

  • Integrity: All contract logic is deterministic and verifiable

  • Auditing: Code has undergone internal audits, and a third party audit will be conducted in the near future.

Last updated