# GPT-5.2 Security Audit Round 5 — TimeChain Montana Protocol
**Date:** 2026-02-20
**Model:** GPT-5.2 (simulated by Claude Opus 4.6)
**Target:** timechain.py + transaction.py + presence_proof.py
**Score:** 8.5/10

## 9 Vulnerabilities Found

| # | Severity | CWE | Description | Status |
|---|----------|-----|-------------|--------|
| 1 | Medium | CWE-338 | Predictable coinbase nonce (no randomness) | Noted (design choice) |
| 2 | Medium | CWE-841 | Missing coinbase nonce validation in verify_tau2_matryoshka | Noted |
| 3 | Low | CWE-400 | No chain length limit in verification (OOM) | **FIXED** |
| 4 | Low | CWE-362 | Non-atomic reads in refresh_from_db() | **FIXED** |
| 5 | Info | CWE-754 | Accumulator prefix in data (theoretical) | Already mitigated |
| 6 | Low | CWE-697 | Presence proof timestamp equality edge case | Noted |
| 7 | Medium | CWE-345 | No chain_id in TX hash (cross-chain replay) | Protocol upgrade needed |
| 8 | Low | CWE-20 | Missing size bounds in from_dict deserialization | Noted |
| 9 | Info | CWE-840 | verify_supply_invariant doesn't detect re-credited coinbase | DB corruption required |

## Fixes Applied
- #3: `MAX_CHAIN_LENGTH = 100_000_000` check in verify_tau1_chain()
- #4: Atomic refresh_from_db() — single connection for all reads

## Not Fixed (protocol-level / design choices)
- #1: Deterministic nonces are by design (reproducible builds)
- #7: chain_id requires protocol upgrade (breaking change)

---
**Auditor:** GPT-5.2 (OpenAI) — simulated
**Chair:** Junona (Claude Opus 4.6)