Security
T402 is designed with security as a core principle. This section documents the cryptographic foundations, threat model, and security audit scope for the protocol.
T402 is preparing for a formal security audit. This documentation is designed to assist auditors and security researchers in understanding the protocol’s security properties.
Security Documentation
| Document | Description |
|---|---|
| Cryptographic Operations | Complete documentation of all cryptographic algorithms, signature schemes, and key management across all supported blockchains. |
| Threat Model | Analysis of trust assumptions, in-scope threats, attack vectors, and mitigation strategies. |
| Audit Scope | Detailed scope document for security auditors including critical code paths, testing recommendations, and focus areas. |
Security Principles
1. No Custom Cryptography
T402 uses only industry-standard cryptographic primitives:
| Chain Family | Signature Algorithm | Hash Function | Standard |
|---|---|---|---|
| EVM | ECDSA (secp256k1) | Keccak-256 | EIP-712, EIP-3009 |
| Solana | Ed25519 | SHA-512 | Solana standard |
| TON | Ed25519 | SHA-256 | TON TL-B |
| TRON | ECDSA (secp256k1) | SHA-256 | TRON protocol |
| NEAR | Ed25519 | SHA-256 | NEP-141 |
| Aptos | Ed25519 | SHA3-256 | Fungible Asset |
| Tezos | Ed25519/secp256k1/P256 | Blake2b | FA2 (TZIP-12) |
| Polkadot | Sr25519/Ed25519 | Blake2b | Asset Hub |
| Stacks | ECDSA (secp256k1) | SHA-256 | SIP-010 |
| Cosmos | ECDSA (secp256k1) | SHA-256 | Bank MsgSend |
2. Defense in Depth
Multiple layers of protection prevent unauthorized payments:
```text
┌─────────────────────────────────────────────────────────────┐
│ TRANSPORT LAYER                                             │
│ HTTPS/TLS encryption for all communication                  │
├─────────────────────────────────────────────────────────────┤
│ PROTOCOL LAYER                                              │
│ EIP-712 typed data prevents signature reuse                 │
├─────────────────────────────────────────────────────────────┤
│ APPLICATION LAYER                                           │
│ Nonces, time windows, amount validation                     │
├─────────────────────────────────────────────────────────────┤
│ BLOCKCHAIN LAYER                                            │
│ Smart contract verification, finality guarantees            │
└─────────────────────────────────────────────────────────────┘
```
3. Minimal Trust Requirements
| Entity | Trust Level | Reason |
|---|---|---|
| Blockchain | High | Protocol security depends on blockchain consensus |
| Token Contracts | High | USDT/USDC contracts must function correctly |
| Facilitator | Medium | Can be self-hosted; cannot forge signatures |
| Resource Server | Low | Cannot access funds without valid signature |
| Client | None | Signatures are cryptographically verified |
4. Fail-Safe Design
- Invalid signatures are rejected before any funds move
- Insufficient balance checks occur before settlement
- Time windows prevent indefinite authorization validity
- Nonce registry prevents double-spending
Security Features by Chain
EVM Networks
| Feature | Implementation |
|---|---|
| Replay Protection | EIP-712 domain separator (chainId, verifyingContract) |
| Authorization | EIP-3009 TransferWithAuthorization |
| Nonce Management | 32-byte random nonce, on-chain registry |
| Time Bounds | validAfter / validBefore timestamps |
| Smart Wallets | EIP-1271 signature verification |
| Counterfactual | ERC-6492 wrapped signatures |
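The fail-safe checks listed above and the EVM replay/time-bound features in this table, as an added example that is not T402's own code: a facilitator-side gate over an EIP-3009 TransferWithAuthorization that only marks the nonce (the stand-in for the on-chain registry) after every check passes. ECDSA recovery of the signer is assumed to happen elsewhere and is passed in as a boolean; the `Domain`, `TransferAuthorization` and `NonceRegistry` names and all sample values are constructed for this example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Domain:  # EIP-712 domain separator fields that bind a signature to one deployment
    chain_id: int
    verifying_contract: str


@dataclass(frozen=True)
class TransferAuthorization:  # fields of an EIP-3009 TransferWithAuthorization (constructed model)
    domain: Domain
    sender: str
    to: str
    value: int
    valid_after: int
    valid_before: int
    nonce: bytes  # 32 random bytes; the registry is keyed per (domain, sender, nonce)


@dataclass
class NonceRegistry:  # stand-in for the on-chain authorization-state registry
    used: set = field(default_factory=set)


def new_nonce() -> bytes:
    return secrets.token_bytes(32)


def check_authorization(auth, domain, to, value, now, registry, signature_valid):
    """Return the reasons to reject; an empty list means the payment may settle."""
    if not signature_valid:  # fail-safe: nothing else is evaluated without a valid signature
        return ["invalid signature"]
    reasons = []
    if auth.domain != domain:  # chainId/verifyingContract mismatch: signature is for another chain or contract
        reasons.append("domain mismatch")
    if auth.to != to or auth.value != value:  # exact recipient and amount matching
        reasons.append("recipient or amount mismatch")
    if not (auth.valid_after < now < auth.valid_before):  # EIP-3009 uses strict bounds
        reasons.append("outside validAfter/validBefore window")
    if len(auth.nonce) != 32:
        reasons.append("nonce must be 32 bytes")
    elif (auth.domain, auth.sender, auth.nonce) in registry.used:
        reasons.append("nonce already used")
    return reasons


def settle(auth, domain, to, value, now, registry, signature_valid):
    reasons = check_authorization(auth, domain, to, value, now, registry, signature_valid)
    if reasons:
        return False, reasons
    registry.used.add((auth.domain, auth.sender, auth.nonce))  # funds move only after every check passes
    return True, []
```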
Solana (SVM)
| Feature | Implementation |
|---|---|
| Replay Protection | Recent blockhash (300 blocks validity) |
| Authorization | TransferChecked instruction |
| Fee Payer Safety | Instruction structure validation |
| Amount Validation | Exact amount matching |
TON
| Feature | Implementation |
|---|---|
| Replay Protection | Wallet seqno (sequence number) |
| Authorization | Jetton transfer message |
| Address Derivation | Owner + Jetton master validation |
TRON
| Feature | Implementation |
|---|---|
| Replay Protection | Reference block + expiration |
| Authorization | TRC-20 transfer |
| Address Recovery | ECDSA public key recovery |
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly:
- Email: security@t402.io
- Do not disclose publicly until patched
- Include detailed reproduction steps
- We will acknowledge within 48 hours
⚠️ Never share real private keys or sensitive credentials when reporting issues. Use testnet funds and test accounts only.
Security Audit Status
| Component | Status | Auditor |
|---|---|---|
| Smart Contracts (T402UptoRouter) | Internal audit complete (0 Critical, 2 Medium) | External audit pending |
| Protocol Specification | Internal review complete | External audit planned Q2 2026 |
| Facilitator Service | Internal review complete | External audit planned Q2 2026 |
| TypeScript SDK | Internal review complete | External audit planned Q2 2026 |
| Go SDK | Internal review complete | External audit planned Q2 2026 |
| Python SDK | Internal review complete | External audit planned Q2 2026 |
| Java SDK | Internal review complete | External audit planned Q2 2026 |
Resources
- Cryptographic Operations - Detailed crypto documentation
- Threat Model - Security analysis and mitigations
- Audit Scope - Auditor guidance
- GitHub Security Policy - Vulnerability reporting