Security · internal audits
We audit our own code, out loud.
Postern runs continuous internal, AI-assisted adversarial code review across both the ownerless Bloch-SIS-PoW protocol and the owned Postern products — and reports what it finds honestly, including the still-open bits. This is not the contracted third-party audit (that is the real gate, and it is still pending); it is the in-house discipline that runs between third-party passes.
How it runs
Many auditors, then adversaries.
Each pass fans a fleet of Claude Opus 4.8 auditors across partitioned slices of the codebase — crypto, consensus, networking, the shielded pool, the wallet, the file parsers, the desktop command surface, the web apps, the packaging scripts. Every candidate finding is then adversarially verified against the source (file:line) before it counts, and every fix is checked by an independent reviewer that tries to break it — "did this actually close the hole, or just compile?". That adversarial fix-verification is where the value is: on the last pass it caught a subtle consensus-halt that the first read missed, which was then fixed too.
Latest internal pass — 2026-07
What it found, in aggregate.
Roughly 49 findings across the two codebases, verified against source:
- 2 critical — both in the protocol (network-layer resource handling and shielded-transaction accounting). Remediated in code + adversarially re-verified.
- 6 high — protocol (mining-submission validation, transport framing, peer-string handling, the reorg consensus-halt) and products (a web-app output-encoding issue, a messenger encryption-tier check). All remediated in code.
- ~11 medium / ~30 low — parser resource limits, desktop URL pinning, supply-chain signing, secret zeroization, governance edge-cases. Remediated or scheduled.
The products' fixes are live; the protocol's fixes are committed and pending deployment to the running nodes (the ownerless protocol is upgraded the Bitcoin way — node operators adopt, nobody forces it).
Node operators — action required
A security update is available. Update your node.
If you run a Bloch-SIS-PoW node, update now. The fixes from the latest internal audit — including the two criticals and the reorg consensus-halt — are merged into the protocol's main branch. The protocol is ownerless and upgraded the Bitcoin way: nobody can force you, but an un-updated node is exposed to a remote single-packet crash and a reorg-halt.
To update: git pull the latest main from gitlab.com/blochsispow-group/BlochSISPoW-project, rebuild (cargo build --release), and restart your node. No data migration or config change is needed. The project's own public demo nodes are being redeployed with the fix.
Technical reports
The full findings, per finding.
The full technical audit reports — every finding with its file:line, attack scenario, and fix, plus a post-audit remediation banner — are published as the corresponding fixes go live, so a report never doubles as a working weapon against an un-patched target:
- Postern products — Security Audit (PDF) ↓ — published. The products' fixes are deployed (web-app fixes live; desktop/crate fixes in the downloadable products), so the details are safe to release. 33 findings, all high/medium remediated + adversarially re-verified.
- Bloch-SIS-PoW protocol — Security Audit (PDF) ↓ — published. The public demo nodes are updated with the fix and operators are notified (here, on the explorer, and in the community), so the details are now safe to release. 16 findings incl. 2 criticals (network-decode OOM, shielded-note counterfeiting) and a reorg consensus-halt — all remediated + adversarially re-verified (one narrow reorg race scheduled for hardening).
Found a vulnerability? See the RFC 9116 policy at /.well-known/security.txt and /SECURITY.md. Nothing here is audited or safe: the chain runs the relaxed k=4 regime (trivially forgeable, 51%-attackable), everything is a pre-mainnet beta, and internal AI-assisted review is not a substitute for the contracted third-party audit. Do not protect real value with any of this yet.