Help secure the Positronic blockchain. Find vulnerabilities, earn ASF rewards. We value the security community's contributions to making our network safer.
| Component | Description | Status |
|---|---|---|
| Consensus Engine | DPoS/BFT consensus, validator election, finality, slashing | In Scope |
| Transaction Pipeline | TX validation, mempool, gas calculation, priority lanes | In Scope |
| Cryptography | Ed25519 signatures, SHA-512 hashing, AES-256 keystore, post-quantum | In Scope |
| P2P Network | Peer discovery, message propagation, block sync, Kademlia DHT | In Scope |
| RPC Server | JSON-RPC API, authentication, rate limiting, access control | In Scope |
| AI Validation | ML transaction scoring, quarantine system, model integrity | In Scope |
| Smart Contracts | PositronicVM execution, gas metering, contract storage | In Scope |
| Database Layer | AES-256-GCM encryption at rest, WAL mode, schema migration, state integrity | In Scope |
| Chain Reorg Engine | ForkManager, competing block storage, longest-chain rule, finality guard | In Scope |
| Upgrade System | Feature flags, schema migration, activation/rollback lifecycle | In Scope |
| Compliance System | Forensic reports, court reports, wallet registry | In Scope |
| Desktop App UI | Visual bugs, layout issues, cosmetic defects | Out of Scope |
| Website | positronic-ai.network website (informational only) | Out of Scope |
| Third-Party Libraries | Issues in upstream dependencies (report upstream) | Out of Scope |
Test on the public testnet or a local node. Clone the repository from GitHub and run `python -m pytest tests/ -v` to understand the test coverage.
Include: affected component, severity assessment, step-by-step reproduction, impact analysis, and suggested fix (optional). Use the template below.
Go to GitHub Security Advisory to submit privately. Alternatively, email security@positronic-ai.network with GPG encryption.
After we verify and fix the issue, you'll receive ASF coins to your wallet. Critical fixes may earn additional bonus rewards at our discretion.
Positronic implements defense-in-depth security across all layers:
| Layer | Protection | Parameters / standard |
|---|---|---|
| Signatures | Ed25519 (RFC 8032) | 128-bit security |
| Hashing | SHA-512 + Blake2b | 256-bit collision resistance |
| Key Storage | AES-256-GCM encrypted keystore | PBKDF2, 100K iterations |
| Database | AES-256-GCM encryption at rest | PBKDF2-SHA512 key derivation |
| Admin Keys | Machine-bound encrypted storage | HMAC-SHA256 authentication |
| P2P Transport | TLS 1.3 with certificate pinning | Forward secrecy |
| RPC Server | Multi-tier rate limiting + CORS | 3 sliding windows |
| Post-Quantum | Dilithium lattice signatures (standardized as ML-DSA, FIPS 204) | NIST PQC security level 3 |
| Consensus | BFT finality + slashing | Safe while less than 1/3 of validator stake is Byzantine; finality requires signatures from more than 2/3 of stake |
| AI Validation | ML fraud detection pipeline | Quarantine + human review |
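The consensus row states the classic BFT bound: safety holds only while Byzantine stake stays strictly below one third, and finality needs strictly more than two thirds of stake to sign. The following is an added example, not Positronic's code, showing how those two thresholds are computed from a stake-weighted validator set and why a threshold read literally as "66%" is unsafe. The validator set, the stake weighting, and the function names are assumptions made for the example.

```python
"""Stake-weighted BFT thresholds: tolerated Byzantine stake and finality quorum.

Added example, not Positronic's code. Assumes the classic BFT rule (safe while
Byzantine stake f satisfies 3f < n, final at strictly more than 2n/3 signed
stake) and a constructed validator set. The 66% threshold is included only for
comparison, to show why that reading of the bound is too low."""
import math
from fractions import Fraction
from typing import Iterable, Mapping

# Constructed validator set: name -> stake (assumption, not real network data).
VALIDATORS = {"v1": 100, "v2": 100, "v3": 100}


def max_byzantine_stake(total_stake: int) -> int:
    """Largest Byzantine stake f a classic BFT protocol tolerates: 3f < n."""
    return (total_stake - 1) // 3


def finality_quorum(total_stake: int) -> int:
    """Least signed stake for finality: strictly more than two thirds of n.

    n - f equals floor(2n/3) + 1, so any two finalizing quorums overlap in
    more than f stake, i.e. they share at least one honest validator."""
    return total_stake - max_byzantine_stake(total_stake)


def naive_quorum(total_stake: int, pct: Fraction = Fraction(66, 100)) -> int:
    """A literal '66%' threshold, for comparison only (exact arithmetic, no floats)."""
    return math.ceil(pct * total_stake)


def quorum_is_safe(quorum: int, total_stake: int) -> bool:
    """Two quorums of size q overlap in at least 2q - n stake.

    Safety requires that overlap to exceed the tolerated Byzantine stake f;
    otherwise Byzantine validators can sign two conflicting blocks that both
    reach the quorum."""
    return 2 * quorum - total_stake > max_byzantine_stake(total_stake)


def signed_stake(signers: Iterable[str], validators: Mapping[str, int]) -> int:
    """Stake behind a set of signatures; duplicates count once, unknown signers zero."""
    return sum(validators.get(v, 0) for v in set(signers))


def is_final(signers: Iterable[str], validators: Mapping[str, int]) -> bool:
    """Finality check using the correct 'strictly more than 2/3' rule."""
    total = sum(validators.values())
    return signed_stake(signers, validators) >= finality_quorum(total)


if __name__ == "__main__":
    total = sum(VALIDATORS.values())
    print(f"total stake {total}, tolerated Byzantine stake {max_byzantine_stake(total)}")
    print(f"correct quorum {finality_quorum(total)}, naive 66% quorum {naive_quorum(total)}")
    two_of_three = ["v1", "v2"]
    print("two of three equal validators finalize under the correct rule:",
          is_final(two_of_three, VALIDATORS))
    print("naive 66% quorum keeps conflicting blocks from both finalizing:",
          quorum_is_safe(naive_quorum(total), total))
    # The correct quorum is safe for every set size; the 66% one is not.
    assert all(quorum_is_safe(finality_quorum(n), n) for n in range(1, 200))
```

With three equal-stake validators (n = 300) the tolerated Byzantine stake is 99 and the correct quorum is 201, so two colluding validators (200) cannot finalize. A literal 66% threshold gives 198, which two of three validators meet, and `quorum_is_safe(198, 300)` is false: two such quorums can overlap in only 96 stake, less than the 99 Byzantine stake the protocol is supposed to survive, so two conflicting blocks could both be declared final.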
Positronic considers security research conducted in good faith to be authorized activity. We will not pursue legal action against researchers who follow the rules outlined above, test only on testnet infrastructure, make a good faith effort to avoid privacy violations and data destruction, and report vulnerabilities promptly through the designated channels. We ask that you give us reasonable time to address issues before public disclosure.
In February 2026, an internal security audit identified and fixed 12 vulnerabilities (3 Critical, 9 High) across the consensus, cryptographic, AI, and infrastructure layers. All fixes are backed by a 218-test attack simulation suite that verifies each defense from a real attacker's perspective.