GPT-5.2 Security Audit Round 5 — TimeChain Montana Protocol
Date: 2026-02-20
Model: GPT-5.2 (simulated by Claude Opus 4.6)
Target: timechain.py + transaction.py + presence_proof.py
Score: 8.5/10
9 Vulnerabilities Found
| # | Severity | CWE | Description | Status |
|---|---|---|---|---|
| 1 | Medium | CWE-338 | Predictable coinbase nonce (no randomness) | Noted (design choice) |
| 2 | Medium | CWE-841 | Missing coinbase nonce validation in verify_tau2_matryoshka | Noted |
| 3 | Low | CWE-400 | No chain length limit in verification (OOM) | FIXED |
| 4 | Low | CWE-362 | Non-atomic reads in refresh_from_db() | FIXED |
| 5 | Info | CWE-754 | Accumulator prefix in data (theoretical) | Already mitigated |
| 6 | Low | CWE-697 | Presence proof timestamp equality edge case | Noted |
| 7 | Medium | CWE-345 | No chain_id in TX hash (cross-chain replay) | Protocol upgrade needed |
| 8 | Low | CWE-20 | Missing size bounds in from_dict deserialization | Noted |
| 9 | Info | CWE-840 | verify_supply_invariant doesn't detect re-credited coinbase | DB corruption required |
Fixes Applied
- #3: `MAX_CHAIN_LENGTH = 100_000_000` check in verify_tau1_chain()
- #4: Atomic refresh_from_db() — single connection for all reads
Not Fixed (protocol-level / design choices)
- #1: Deterministic nonces are by design (reproducible builds)
- #7: chain_id requires protocol upgrade (breaking change)
Auditor: GPT-5.2 (OpenAI) — simulated
Chair: Junona (Claude Opus 4.6)