THE FOUR PHASES
Every evaluation follows a strict sequence. Deviation is not permitted.
01
REQUEST
Package selection, scope outline. Payment confirms intent. Reference assigned.
02
SCOPE CONFIRMATION
In writing: what is evaluated, what is excluded. No evaluation until scope is locked.
03
EVALUATION
25 functions applied to confirmed scope. Evidence documented. No shortcuts.
04
DECISION DELIVERY
Report with verdict (GRANTED / CONDITIONAL / DENIED), reason, validity. Project ID assigned.
VERDICT LOGIC
Deterministic. One outcome per evaluation.
| Verdict | Condition | Effect |
| --- | --- | --- |
| GRANTED | No critical impediments. All evaluated functions pass. | Proceed. Verification Seal issued. |
| CONDITIONAL | Non-critical issues. Conditions to meet within timeframe. | Proceed only after conditions satisfied. Re-evaluation possible. |
| DENIED | Critical failure in one or more functions. SPOF, missing invalidation, disclosure gaps. | Do not proceed. Remediate. Re-apply. |
CORE LOGIC (F01–F08)
Contract integrity, access control, business logic. Failures here typically result in DENIED.
[F01]
Contract Integrity
Code correctness, reentrancy prevention, overflow/underflow handling, audited library usage, storage write ordering.
Failure → DENIED
[F02]
Access Control
RBAC implementation, function modifiers, init/constructor security, privilege escalation paths, arbitrary call prevention.
Failure → DENIED
[F03]
LP Lock
Liquidity lock mechanics, lock duration enforcement, withdrawal bypass prevention, slippage protection on lock/unlock, on-chain verification.
Failure → DENIED
[F04]
Ownership Structure
Admin key distribution, multisig requirement (M-of-N), centralization risk, single-owner detection.
Failure → DENIED
[F05]
Business Logic
Math precision, decimal scaling, slippage protection, flash loan resistance, rounding/truncation, token donation attacks.
Failure → DENIED
[F06]
Oracle / Pricing
Price feed staleness checks, TWAP vs spot validation, manipulation vectors, cross-chain consistency where applicable.
Failure → CONDITIONAL
[F07]
Disclosure
Access proof provided, documentation aligned with implementation, no hidden admin paths or undeclared capabilities.
Failure → DENIED
[F08]
Deployment Safety
Proxy initialization, storage layout validation, upgrade path init, no uninitialized proxies.
Failure → DENIED
OPERATIONAL STABILITY (F09–F17)
Backup, monitoring, incident response, dependencies, upgrade mechanics. Failures here typically result in CONDITIONAL unless critical.
[F09]
Backup & Recovery
Data backup procedures, restore capability, RTO/RPO defined, tested recovery.
Failure → CONDITIONAL
[F10]
Monitoring
Alerting on failures, anomaly detection, visibility into critical paths, log retention.
Failure → CONDITIONAL
[F11]
Incident Response
Runbooks exist, escalation defined, incident handling documented, contact chain.
Failure → CONDITIONAL
[F12]
Session Management
Auth mechanisms, JWT/session handling, key storage practices, signing flow security.
Failure → DENIED
[F13]
Rate Limiting
Abuse prevention, DDoS mitigation, API limits, resource exhaustion protection.
Failure → CONDITIONAL
[F14]
Dependency Audit
External libs assessed, SDK trust boundaries, version pinning, known CVEs addressed.
Failure → DENIED
[F15]
Upgrade Mechanism
Proxy safety, storage layout preservation, rollback capability, no destructive upgrades.
Failure → DENIED
[F16]
Timelock / Governance
Delay on sensitive ops, community oversight where applicable, no instant-rug capability.
Failure → CONDITIONAL
[F17]
Operational Documentation
Runbooks, architecture diagrams, handover docs, change management.
Failure → CONDITIONAL
RESILIENCE LAYER (F18–F25)
PQC, invalidation, SPOF, key management, disaster recovery. Long-term survivability.
[F18]
PQC Readiness
Cryptographic inventory (CBOM), migration path to PQC algorithms, algorithm readiness assessment.
Failure → CONDITIONAL
[F19]
Invalidation
Pause/kill switch, emergency controls, invalidation mechanism presence, no blind execution.
Failure → DENIED
[F20]
SPOF
Single points of failure identified, admin architecture assessed, mitigation or documented acceptance.
Failure → DENIED
[F21]
Key Management
Key rotation capability, secure storage, recovery procedures, no hardcoded secrets.
Failure → DENIED
[F22]
Disaster Recovery
DR plan exists, failover tested, geographic redundancy where applicable.
Failure → CONDITIONAL
[F23]
Migration Capability
Data portability, vendor lock-in assessment, exit path defined.
Failure → CONDITIONAL
[F24]
Third-Party Risk
Vendor SLAs, integration security, dependency failure impact.
Failure → CONDITIONAL
[F25]
Sunset / Exit
Graceful shutdown path, user migration plan, no orphaned users.
Failure → CONDITIONAL
EVALUATION LIFECYCLE
How the protocol applies depending on project stage. Same 25 functions; different emphasis.
PRE-LAUNCH
Go/no-go before deployment. Core logic and critical resilience functions drive the verdict.
[F01] [F02] [F03] [F04] [F05] [F06] [F07] [F08] [F14] [F15] [F16] [F19] [F20] [F21]
POST-DEPLOY
Operational readiness. Backup, monitoring, incident response, documentation.
[F09] [F10] [F11] [F12] [F13] [F17] [F22]
MAJOR UPGRADE
Re-clearance required. Contract changes, PQC migration, new dependencies.
[F01] [F02] [F05] [F08] [F15] [F18] [F23]
PROJECT ID & VERIFICATION
Each evaluation receives a unique Project ID. Verdict snapshot stored. Publicly verifiable via Verify and Stats.
{"project_id": "PRJ-001", "status": "GRANTED", "timestamp": "T0", "reason": "..."}
Note: Read-only snapshot. No sensitive data. Timestamp, Project ID, status, reason only.
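The verdict logic and the snapshot record above, worked through as an added example (not code from this page or its operator). It assumes the per-function "Failure →" outcomes listed above are applied as written, that the worst outcome wins, and that no verdict is produced unless all 25 functions were evaluated; the function names and the reason wording are hypothetical.

```python
import json

ALL_FUNCTIONS = {f"F{n:02d}" for n in range(1, 26)}
# Functions whose card on the page reads "Failure → DENIED"; all others read CONDITIONAL.
DENIED_ON_FAIL = {f"F{n:02d}" for n in (1, 2, 3, 4, 5, 7, 8, 12, 14, 15, 19, 20, 21)}
SNAPSHOT_FIELDS = {"project_id", "status", "timestamp", "reason"}
VERDICTS = {"GRANTED", "CONDITIONAL", "DENIED"}


def derive_verdict(results):
    """results: function id -> True (pass) / False (fail). Returns (verdict, reason)."""
    unknown = set(results) - ALL_FUNCTIONS
    missing = ALL_FUNCTIONS - set(results)
    if unknown or missing:
        # Assumption: fail closed, no verdict unless all 25 functions were evaluated.
        raise ValueError(f"unknown={sorted(unknown)} missing={sorted(missing)}")
    failed = sorted(f for f, ok in results.items() if not ok)
    critical = [f for f in failed if f in DENIED_ON_FAIL]
    if critical:
        return "DENIED", "critical failure: " + ", ".join(critical)
    if failed:
        return "CONDITIONAL", "conditions open: " + ", ".join(failed)
    return "GRANTED", "all evaluated functions pass"


def make_snapshot(project_id, timestamp, results):
    """Build the public record with the four documented fields only."""
    status, reason = derive_verdict(results)
    return {"project_id": project_id, "status": status,
            "timestamp": timestamp, "reason": reason}


def check_snapshot(raw):
    """Validate a fetched snapshot: exactly four string fields, known status."""
    rec = json.loads(raw)
    if not isinstance(rec, dict) or set(rec) != SNAPSHOT_FIELDS:
        raise ValueError("snapshot must hold exactly: " + ", ".join(sorted(SNAPSHOT_FIELDS)))
    if not all(isinstance(v, str) and v for v in rec.values()):
        raise ValueError("every field must be a non-empty string")
    if rec["status"] not in VERDICTS:
        raise ValueError("unknown status: " + rec["status"])
    return rec


if __name__ == "__main__":
    # Constructed sample: everything passes except F06 (oracle) and F20 (SPOF).
    sample = {**dict.fromkeys(ALL_FUNCTIONS, True), "F06": False, "F20": False}
    print(json.dumps(make_snapshot("PRJ-001", "T0", sample)))
```

`check_snapshot` rejects any record carrying a field beyond the four documented ones, which is how a consumer can enforce the "no sensitive data" property on its side.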
VALIDITY & BOUNDARY
Clearance reflects the project state at T0. Report includes validity period. After expiry or material change, verdict is historical. New evaluation required. No negotiation. Verdict is final.