Skip to main content

Audits

Security audits validate that the OXN protocol implementation matches its intended behavior and does not contain critical vulnerabilities. Published audit reports will be listed on this page as they become available.

Status

No public audits have been published yet. The runtime, SGX enclave configuration, and system contracts are under active review. External audits are on the roadmap prior to mainnet launch.

What is audited

Planned audit scope:

  • Runtime code — the EVM inside the SGX enclave, including the confidentiality primitives.
  • Enclave configuration — SGX build parameters, remote attestation flow, key management protocol.
  • System contracts — precompile implementations and any built-in contracts.
  • SDK code paths — the client-side encryption libraries.

Third-party dependencies

OXN inherits security posture from several external components:

  • Intel SGX — Intel maintains the hardware and firmware. See Intel's SGX vulnerability disclosures for the underlying platform's security history.
  • Deoxys-II — the symmetric encryption algorithm. Peer-reviewed academic construction.
  • X25519 — the key exchange protocol. Widely deployed and studied.

Reporting audit findings

If you're a security researcher who has identified an issue, please follow the responsible disclosure process — see Reporting Security Issues.

Next steps