Audits
Security audits validate that the OXN protocol implementation matches its intended behavior and does not contain critical vulnerabilities. Published audit reports will be listed on this page as they become available.
Status
No public audits have been published yet. The runtime, SGX enclave configuration, and system contracts are under active review. External audits are on the roadmap prior to mainnet launch.
What is audited
Planned audit scope:
- Runtime code — the EVM inside the SGX enclave, including the confidentiality primitives.
- Enclave configuration — SGX build parameters, remote attestation flow, key management protocol.
- System contracts — precompile implementations and any built-in contracts.
- SDK code paths — the client-side encryption libraries.
Third-party dependencies
OXN inherits security posture from several external components:
- Intel SGX — Intel maintains the hardware and firmware. See Intel's SGX vulnerability disclosures for the underlying platform's security history.
- Deoxys-II — the symmetric encryption algorithm. Peer-reviewed academic construction.
- X25519 — the key exchange protocol. Widely deployed and studied.
Reporting audit findings
If you're a security researcher who has identified an issue, please follow the responsible disclosure process — see Reporting Security Issues.