montana/Русский/Совет/OpenAI/GPT5.2_TimeChain_Audit_2026-02-20.md

# GPT-5.2 Security Audit — TimeChain Montana Protocol
**Date:** 2026-02-20
**Model:** GPT-5.2 (gpt-5.2)
**Target:** timechain.py (1567 lines)
**Score:** 1/10
## TOP-5 Most Dangerous Attacks
1. **ML-DSA-65 signatures not verified during window acceptance** — forge blocks, rewrite history
2. **Double-spend through non-atomic UTXO ↔ window operations** — crash between apply and save
3. **Free re-emission through crash between add_outputs and time_bank_spent save**
4. **Emission manipulation via float/NaN halving_coefficient + no global limit**
5. **Head/state substitution through chain_state without connectivity verification**
## All 14 Vulnerabilities
| # | Severity | CWE | Description |
|---|----------|-----|-------------|
| 1 | Critical | CWE-347 | ML-DSA-65 signatures not verified anywhere during creation/acceptance |
| 2 | Critical | CWE-362 | Double-spend from non-atomic UTXO ↔ window operations |
| 3 | Critical | CWE-354/682 | Accumulator circular dependency (chain_accumulator in window_hash) |
| 4 | High/Critical | CWE-20 | Timestamp manipulation — MAX_TIMESTAMP_DRIFT_NS/MIN_TAU1_GAP_NS not enforced |
| 5 | Critical | CWE-345 | No chain connectivity verification on startup |
| 6 | Critical | CWE-353 | SQLite integrity_check doesn't protect against malicious edits |
| 7 | High | CWE-295/345 | register_node() without trust model |
| 8 | Medium/High | CWE-20/347 | Merkle tree lacks domain separation |
| 9 | Critical | CWE-681/20 | Emission: no global limit, float coefficient (NaN/inf) |
| 10 | Critical | CWE-362/664 | time_bank_spent updates non-atomic relative to save_tau2 |
| 11 | High | CWE-294/20 | No replay protection for coinbase |
| 12 | High | CWE-400 | DoS via unlimited sizes (transactions, proofs, data_json) |
| 13 | Medium/High | CWE-284/367 | INSERT OR REPLACE in chain_state allows rollback/substitution |
| 14 | High | CWE-682 | Genesis accumulator logic inconsistency |
## Fixes Applied
All 14 vulnerabilities addressed in timechain.py rewrite:
- Accumulator redesign: `chain_accumulator` → `prev_accumulator` (no circular dependency)
- Atomic UTXO ↔ window operations (single SQLite transaction)
- Timestamp validation (drift, monotonicity, minimum gap)
- Emission safety (coefficient validation, total cap per τ₂)
- Merkle domain separation (leaf/node prefixes, hex validation)
- DoS limits (max transactions, proofs, coinbase per window)
- Startup chain state verification
- Strict signature verification (fail on unknown nodes)
- Coinbase replay protection (INSERT OR IGNORE + tracking)
---
**Auditor:** GPT-5.2 (OpenAI)
**Chair:** Junona (Claude Opus 4.6)