Security

The protocol is the threat model.

Cloak's privacy guarantees are only as strong as the code enforcing them. This page is the index of our audit trail, bug bounty program, and responsible-disclosure policy. Everything is public, reproducible, and signed.

Audits: 2 published · 1 scheduled
Bounty ceiling: $500k via Immunefi · live
Open source: 5 repos · MIT + AGPL
Setup ceremony: 4 parties · transcripts signed
01 · Audits

Third-party review

Every circuit and settlement contract ships with an audit report. Reports are linked below with full text and remediation status.

2026-02 · Trail of Bits · published
  Scope: spend.circom · deposit.circom
  Findings: 1 low · 2 informational · all resolved
  Report: TOB-CLK-01.pdf

2026-03 · Least Authority · published
  Scope: Relayer protocol · Sphinx layer
  Findings: 0 critical · 1 high · 3 medium · all resolved
  Report: LA-CLK-2026-03.pdf

2026-Q3 · Zellic · scheduled
  Scope: Recursive proof composition (upcoming)
  Findings: engagement signed · not yet started
  Report: pending
02 · Bug bounty

Immunefi · always-on

Administered via Immunefi. Severity ladder matches Immunefi Vulnerability Severity Classification v2.3 for DeFi. Scope covers all repos under cloakfi/* and the deployed Solana program.

Severity   Examples                                                                            Reward
Critical   Theft or freezing of user funds · pool drain · cryptographic break of spend circuit   Up to $500,000
High       Relayer deanonymization · nullifier replay · privilege escalation on Solana program   Up to $50,000
Medium     Denial of service with moderate cost · metadata leaks at relayer boundary            Up to $5,000
Low        Hardening · timing side channels · minor metadata leakage                            Swag + acknowledgment
03 · Responsible disclosure

How to report

  1. Gather the details

     Describe the vulnerability, affected component, estimated severity, and reproduction steps. Include PoC code or transaction hashes where applicable.

  2. Encrypt and send

     Email security@cloak.app, encrypted with our PGP key (fingerprint 4E2A 7B19 3F0A DD44 C021 9E82 1E7B FF9D). Or file a private advisory on GitHub via /security/advisories/new.

  3. Acknowledgement · 48 hours

     We confirm receipt within 48 hours and assign a severity within two business days. You get a tracking ID and a triage engineer.

  4. Coordinated fix

     We develop a fix, coordinate with relayer operators, and schedule a protocol upgrade. Embargo windows for critical issues are typically 14–30 days.

  5. Publish

     Full advisory, credit, and bounty payment on disclosure day. Every resolved report is catalogued at cloakfi/advisories.

04 · Supply chain

Pinned · reviewed · reproducible

All cryptographic dependencies are pinned, vendored where possible, and verified against upstream release signatures. We do not pull from unfrozen tags.

Package            Version   Note
@noble/ciphers     1.3.2     ChaCha20-Poly1305 · audited
@noble/hashes      1.8.0     SHA-2/3 · audited
noble-ed25519      2.3.1     Edwards-25519 · audited
snarkjs            0.7.4     Groth16 prover/verifier
circomlib          2.0.5     Poseidon, Merkle primitives
@solana/web3.js    1.95.8    Pinned · reviewed
katex              0.16.x    Docs rendering only · no runtime
Contact

security@cloak.app

PGP · 4E2A 7B19 3F0A DD44 C021 9E82 1E7B FF9D