Skip to content

Security Audit Scope

Project: SIP Protocol (Shielded Intents Protocol) Audit Target Version: SDK 0.1.0 baseline (current released SDK: 0.9.0) Date: November 28, 2025 Status: Ready for External Audit


SIP Protocol is a privacy layer for cross-chain transactions built on NEAR Intents. The SDK provides cryptographic primitives for stealth addresses, Pedersen commitments, and viewing keys to enable privacy-preserving cross-chain swaps.

Audit Objectives:

  1. Verify cryptographic implementation correctness
  2. Identify vulnerabilities in privacy guarantees
  3. Assess code quality and security practices
  4. Validate threat model assumptions

FileLinesDescriptionRisk
packages/sdk/src/commitment.ts~470Pedersen commitments, NUMS generatorCritical
packages/sdk/src/stealth.ts~415EIP-5564 stealth addressesCritical
packages/sdk/src/privacy.ts~340Viewing keys, XChaCha20-Poly1305 encryptionCritical
packages/sdk/src/crypto.ts~84Hash utilities, commitment wrappersHigh
packages/sdk/src/secure-memory.ts~120Memory zeroization utilitiesCritical

Focus Areas:

  • NUMS generator construction (nothing-up-my-sleeve)
  • Pedersen commitment hiding/binding properties
  • Stealth address unlinkability
  • ECDH key exchange correctness
  • XChaCha20-Poly1305 encryption implementation
  • Random number generation (CSPRNG usage)

Priority 2: Validation & Error Handling (High)

Section titled “Priority 2: Validation & Error Handling (High)”
FileLinesDescriptionRisk
packages/sdk/src/validation.ts~400Input validation for all public APIsHigh
packages/sdk/src/errors.ts~470Error hierarchy, no info leakageMedium

Focus Areas:

  • Input validation completeness
  • Error message content (no sensitive data)
  • Type safety enforcement
FileLinesDescriptionRisk
packages/sdk/src/intent.ts~490Intent builder, shielded intent creationHigh
packages/sdk/src/sip.ts~230Main SIP client classMedium

Focus Areas:

  • Intent ID uniqueness
  • Privacy level enforcement
  • Proof requirement validation
FileLinesDescriptionRisk
packages/sdk/src/proofs/interface.ts~200Proof provider interfaceMedium
packages/sdk/src/proofs/mock.ts~280Mock provider (dev only)Low
packages/sdk/src/proofs/noir.ts~1,213Noir proof provider (real ZK)High

Focus Areas:

  • Interface correctness for future Noir integration
  • Mock provider cannot be used in production accidentally
FileLinesDescriptionRisk
packages/sdk/src/adapters/near-intents.ts~350NEAR 1Click API integrationMedium
packages/sdk/src/wallet/ethereum/adapter.ts~650Ethereum wallet adapterMedium
packages/sdk/src/wallet/solana/adapter.ts~530Solana wallet adapterMedium

Focus Areas:

  • No sensitive data exposure in API calls
  • Proper error handling for external services
ComponentReason
apps/demo/Demo application, not production code
packages/types/Type definitions only, no runtime code
packages/sdk/src/zcash/Zcash integration (optional feature)
packages/sdk/src/solver/Mock solver for testing only
Test files (tests/)Test code, not production
Build configurationNot security-critical

Note: packages/sdk/src/proofs/noir.ts was previously out of scope but is now in scope after full implementation.


Core Cryptography: ~1,420 lines (+secure-memory.ts)
Validation/Errors: ~870 lines
Intent System: ~720 lines
Proof System: ~1,693 lines (+noir.ts ~1,213)
Integrations: ~1,530 lines
─────────────────────────────────
Total In-Scope: ~6,233 lines
Overall: 89.88% statements
84.91% branches
89.05% functions
89.88% lines
Core Files:
- validation.ts: 100%
- errors.ts: 100%
- commitment.ts: 93%
- stealth.ts: 82%
- privacy.ts: 88%
DependencyVersionPurposePrior Audits
@noble/curves^1.3.0secp256k1 ECCTrail of Bits
@noble/hashes^1.3.3SHA256, HKDFTrail of Bits
@noble/ciphers^2.2.0XChaCha20-Poly1305Trail of Bits

PropertyDescriptionVerification Method
HidingCommitment reveals nothing about valueMathematical proof review
BindingCannot open to different valueECDLP assumption check
HomomorphicC(a) + C(b) = C(a+b)Unit test verification
PropertyDescriptionVerification Method
UnlinkabilityDifferent addresses cannot be linkedProtocol analysis
CorrectnessRecipient can derive private keyRound-trip testing
ScanningView tag optimization doesn’t leakInformation analysis
PropertyDescriptionVerification Method
ConfidentialityOnly key holder can decryptStandard AEAD properties
IntegrityTampering detectedAuthentication tag
Nonce-safety24-byte random noncesImplementation review
PropertyDescriptionVerification Method
SeparationViewing key cannot derive spendingKey derivation review
RandomnessKeys from CSPRNGRNG source verification
No leakageKeys not in logs/errorsCode search

  1. Memory Zeroization: Implemented in v0.1.1 - secure-memory.ts provides defense-in-depth wiping (random overwrite + zero)

  2. Noir Circuits: Implemented in v0.2.0 - Full Noir circuits for Funding, Validity, and Fulfillment proofs

  3. Timing Attacks: Relies on @noble/* constant-time operations; SDK code not independently verified for constant-time

  4. View Tag: 8-bit view tag reveals 8 bits of shared secret (documented trade-off for scanning efficiency)

  5. TODOs in Code:

    • noir.ts: Circuit implementations Implemented
    • shielded-service.ts:376: Zcash fee estimation (minor)

See docs/security/KNOWN_LIMITATIONS.md for full details.


  1. Findings Report

    • Severity classification (Critical/High/Medium/Low/Info)
    • Detailed descriptions with PoC where applicable
    • Remediation recommendations
  2. Code Quality Assessment

    • Architecture feedback
    • Best practices recommendations
  3. Cryptographic Analysis

    • Verification of security properties
    • Parameter/assumption validation
  1. Response to Findings

    • Fix implementation for Critical/High
    • Documentation for accepted risks
    • Timeline for Medium/Low fixes
  2. Re-audit (if needed)

    • For Critical/High finding fixes

PhaseDurationActivities
Kickoff1 dayCodebase walkthrough, Q&A
Review2-3 weeksCode review, analysis
Draft Report3 daysInitial findings delivery
Response1 weekTeam fixes Critical/High
Final Report3 daysUpdated report with fixes

Total Estimated: 4-5 weeks


TierAuditor TypeEstimated CostTimeline
PremiumTrail of Bits, OpenZeppelin$80,000-150,0004-6 weeks
Mid-tierZellic, Consensys Diligence$40,000-80,0003-5 weeks
IndependentSolo cryptographers$15,000-40,0002-4 weeks
CommunityCode4rena, Sherlock$20,000-50,0002-3 weeks

Given SIP’s focus on cryptographic primitives:

  1. Phase 1: Independent cryptographer review (~$20-30k)

    • Focus on commitment.ts, stealth.ts, privacy.ts
    • Mathematical correctness verification
  2. Phase 2: Full audit when circuits ready (~$50-80k)

    • Include Noir circuits
    • Full integration review

Technical Contact: SIP Protocol Team Repository: https://github.com/sip-protocol/sip-protocol Communication: GitHub Issues (label: security)


Generated at commit: 5061db8

SHA256 Checksums (In-Scope Files):
packages/sdk/src/commitment.ts
packages/sdk/src/stealth.ts
packages/sdk/src/privacy.ts
packages/sdk/src/crypto.ts
packages/sdk/src/validation.ts
packages/sdk/src/errors.ts
packages/sdk/src/intent.ts
packages/sdk/src/sip.ts
packages/sdk/src/proofs/interface.ts
packages/sdk/src/proofs/mock.ts
(Run: find packages/sdk/src -name "*.ts" -exec sha256sum {} \;)