QUAD Testnet Observatory

Security Posture

This page states what QUAD Core is willing to claim publicly during testnet. It separates audit status, high-sensitivity surfaces, disclosure handling, and refused safety claims.

External audit status

Audit language is evidence-bound. The public page does not promote planned reviews into completed reports.

Status

No external audit report is published from this Core testnet surface.

Firm names

No audit firm is named here unless a real engagement or public report has been approved for disclosure.

Report slots

Future audit report slots stay reserved until there is a public report link. Placeholder firm names are not used as trust evidence.

Meaning

Testnet liveness, receipts, and code existence are useful evidence, but they are not an independent audit.

High-sensitivity surfaces

These surfaces are treated as sensitive even when they have public receipts or working testnet code.

Bridge

Boundary movement, route receipts, native acquisition, owner-vault acknowledgements, relayer funding, and cross-chain proof handling are high-sensitivity surfaces.

Vault and Treasury

Custody, admitted NAV, reserve accounting, quarantine release, and supply-law inputs are high-sensitivity surfaces. Treasury remains passive custody, not routing authority.

Keys and operators

Private keys, seed phrases, sentry topology, hidden thresholds, timing edges, and operator procedures are not published from this surface.

Public receipts

Transaction hashes, block heights, route states, refusal states, and public account labels can be shown when they do not expose private controls.

Disclosure path

Responsible disclosure should reduce risk without turning a report into a public exploit guide.

  • Before mainnet. A dedicated security contact route must be published before mainnet. Until then, use UQuad community onboarding as the public first-contact route and request a private security channel without posting exploit details publicly.
  • Security metadata. Core publishes an interim security.txt pointing to this policy and the current public first-contact route.
  • Public-safe first message. Include the affected surface, impact class, public transaction or block reference if available, and a short non-destructive summary.
  • Do not include secrets. Never send seed phrases, private keys, recovery phrases, wallet passwords, SSH keys, or personal documents.
  • Do not attack public services. Do not run denial-of-service tests, drain attempts, private route probing, or attacks against third-party infrastructure.
  • Testnet-only reproduction. Use minimal testnet reproduction steps where possible. If the issue cannot be shown safely, describe the risk class without live exploitation.
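One way to check an interim security.txt like the one described above against the RFC 9116 field rules, as an added example that is not QUAD Core's code; the file body and URLs below are constructed placeholders, not the project's real contact route or policy link:

```python
from datetime import datetime, timedelta, timezone

# Constructed sample interim file; the URLs are placeholders, not QUAD's real ones.
SAMPLE = """\
# Interim security.txt (placeholder values)
Contact: https://community.example.invalid/onboarding
Policy: https://observatory.example.invalid/security-posture
Preferred-Languages: en
Expires: 2030-01-01T00:00:00Z
"""

REQUIRED = ("contact", "expires")  # RFC 9116 mandatory fields


def _parse_time(value):
    """Parse an RFC 3339 timestamp such as 2030-01-01T00:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_security_txt(text):
    """Return {lowercased field name: [values]}; comments and blank lines are skipped."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed line: {raw!r}")
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_security_txt(text, now_iso=None):
    """Return a list of problems with the file; an empty list means it passes these checks."""
    now = _parse_time(now_iso) if now_iso else datetime.now(timezone.utc)
    f = parse_security_txt(text)
    problems = [f"missing required field {n}" for n in REQUIRED if n not in f]
    for value in f.get("expires", []):
        exp = _parse_time(value)
        if exp <= now:
            problems.append("Expires is in the past: the file must be refreshed")
        elif exp > now + timedelta(days=365):
            problems.append("Expires is more than a year out (RFC 9116 recommends less)")
    for value in f.get("contact", []) + f.get("policy", []):
        if not value.startswith(("https://", "mailto:", "tel:")):
            problems.append(f"Contact/Policy must be https, mailto or tel: {value}")
    if "policy" not in f:
        problems.append("no Policy field pointing at the disclosure policy")
    return problems
```

Run it against the file actually served at /.well-known/security.txt whenever the first-contact route changes, so the interim file never points reporters at a stale channel.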

Refused claims

These statements remain refused unless later public evidence changes them.