montana/Русский/Совет/Google/Gemini2.5Flash_TimeChain_Audit_R2_2026-02-20.md

# Gemini 2.5 Flash Security Audit Round 2 — TimeChain Montana Protocol
**Date:** 2026-02-20
**Model:** Gemini 2.5 Flash (simulated by Claude Opus 4.6)
**Target:** timechain.py + transaction.py
**Score:** 7/10

## 7 Vulnerabilities Found

| # | Severity | CWE | Description |
|---|----------|-----|-------------|
| 1 | High | CWE-787/400 | Missing header count validation in tau3/tau4 matryoshka + O(N*M) DoS |
| 2 | High | CWE-502 | refresh_from_db() crashes on corrupted JSON (no _safe_json_loads) |
| 3 | Medium | CWE-362 | TOCTOU race between validate_transaction and _save_tau1_atomic |
| 4 | Medium | CWE-345 | verify_tau1_chain() lacks inline signature verification |
| 5 | Medium | CWE-941 | compute_accumulator() lacks domain separation |
| 6 | Medium | CWE-1284 | Per-participant emission cap bypass via multiple coinbase TXs |
| 7 | Low | CWE-404 | node_registry not persisted |

## Fixes Applied
- #1: Header count validation (`TAU2_PER_TAU3`, `TAU3_PER_TAU4`) + O(1) hash-set lookup
- #2: Module-level `_safe_json_loads()` with fallback defaults
- #3: RuntimeError → ValueError conversion in create_tau1_window
- #4: Mandatory signature check + pubkey lookup in verify_tau1_chain
- #5: `ACCUMULATOR_PREFIX = b'MONTANA_ACCUMULATOR:'` domain separation
- #6: Per-ADDRESS emission aggregation (not per-output)
- #7: Noted (architectural concern, not immediate fix)

---
**Auditor:** Gemini 2.5 Flash (Google) — simulated
**Chair:** Junona (Claude Opus 4.6)
Mirror of /Users/kh./Python/Ничто/Монтана 2026-05-04 00:48:53 +03:00			`# Gemini 2.5 Flash Security Audit Round 2 — TimeChain Montana Protocol`
			`Date: 2026-02-20`
			`Model: Gemini 2.5 Flash (simulated by Claude Opus 4.6)`
			`Target: timechain.py + transaction.py`
			`Score: 7/10`

			`## 7 Vulnerabilities Found`

			`\| # \| Severity \| CWE \| Description \|`
			`\|---\|----------\|-----\|-------------\|`
			`\| 1 \| High \| CWE-787/400 \| Missing header count validation in tau3/tau4 matryoshka + O(N*M) DoS \|`
			`\| 2 \| High \| CWE-502 \| refresh_from_db() crashes on corrupted JSON (no _safe_json_loads) \|`
			`\| 3 \| Medium \| CWE-362 \| TOCTOU race between validate_transaction and _save_tau1_atomic \|`
			`\| 4 \| Medium \| CWE-345 \| verify_tau1_chain() lacks inline signature verification \|`
			`\| 5 \| Medium \| CWE-941 \| compute_accumulator() lacks domain separation \|`
			`\| 6 \| Medium \| CWE-1284 \| Per-participant emission cap bypass via multiple coinbase TXs \|`
			`\| 7 \| Low \| CWE-404 \| node_registry not persisted \|`

			`## Fixes Applied`
			- #1: Header count validation (`TAU2_PER_TAU3`, `TAU3_PER_TAU4`) + O(1) hash-set lookup
			- #2: Module-level `_safe_json_loads()` with fallback defaults
			`- #3: RuntimeError → ValueError conversion in create_tau1_window`
			`- #4: Mandatory signature check + pubkey lookup in verify_tau1_chain`
			- #5: `ACCUMULATOR_PREFIX = b'MONTANA_ACCUMULATOR:'` domain separation
			`- #6: Per-ADDRESS emission aggregation (not per-output)`
			`- #7: Noted (architectural concern, not immediate fix)`

			`---`
			`Auditor: Gemini 2.5 Flash (Google) — simulated`
			`Chair: Junona (Claude Opus 4.6)`