Security Model

Security considerations and disclaimers

Tech Preview Warning

UPP is currently in tech preview on Sepolia testnet. The system has NOT been audited and may contain critical vulnerabilities. Do not use real funds.

Current Status

What's Deployed

Component | Network | Status
UPP Contracts | Sepolia | Tech Preview
UPP SDK | npm (private) | Alpha
Preview App | preview.upd.io | Testing

What's NOT Ready

  • Mainnet deployment: Not yet available
  • Security audits: Not yet conducted
  • Production use: Not recommended

Security Assumptions

UPP's security relies on:

Cryptographic Assumptions

Assumption | Primitive | Consequence if Broken
Discrete log hard | BabyJubJub | Spending keys compromised
Collision resistance | Poseidon | Note forgery possible
Proof soundness | Groth16 | Invalid transactions accepted
Encryption security | AES-GCM | Note contents exposed

All primitives provide ~128 bits of security against known attacks.

Trust Assumptions

Component | Trust Required | Impact
Smart contracts | Code correctness | Fund safety
Trusted setup | Toxic waste destroyed | Proof forgery
ASP operators | Honest list maintenance | Compliance accuracy
Frontend | No malicious injection | Key safety

What We Don't Trust

  • Observers: Cannot see transaction details
  • Miners/validators: Cannot censor specific users (ZK hides identity)
  • Other users: Cannot steal or forge notes

Known Limitations

Privacy Limitations

Metadata leakage:

  • Transaction timing is visible
  • Gas costs may reveal operation type
  • Shield/unshield amounts are public

Anonymity set:

  • Privacy improves with more pool usage
  • Small anonymity sets reduce privacy
  • Unique amounts may be linkable

Timing analysis:

  • Quick shield→unshield may be linkable
  • Pattern analysis possible over time
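
The privacy limitations above (public shield/unshield amounts, unique amounts, quick shield→unshield) can be checked before an unshield is submitted. The following is an added example, not UPP or SDK code: the event shape, the function name and both thresholds are assumptions, the sample events are constructed, and the check is a heuristic over public data only.

```javascript
// Added example, not UPP SDK code. Event shape, names and thresholds are assumptions.

// Constructed sample of public shield events: amounts and times are visible on-chain.
const SAMPLE_SHIELDS = [
  { amount: "1000", time: 1000 },
  { amount: "1000", time: 1600 },
  { amount: "1000", time: 4000 },
  { amount: "1337", time: 4100 },
  { amount: "500", time: 4200 },
];

// Estimate how linkable a planned unshield is from public data alone.
// planned = { amount, time, ownShieldTime } (times in seconds).
function assessUnshield(shields, planned, opts = {}) {
  const minSet = opts.minSet ?? 3; // assumed minimum acceptable candidate count
  const minDelay = opts.minDelaySeconds ?? 3600; // assumed minimum wait after shielding
  const amount = BigInt(planned.amount); // BigInt avoids float rounding on token units

  // Shields an observer could pair with this unshield: earlier, same public amount.
  const candidates = shields.filter(
    (s) => s.time <= planned.time && BigInt(s.amount) === amount
  );

  const warnings = [];
  if (candidates.length <= 1) {
    warnings.push("unique-amount"); // only one possible source deposit
  } else if (candidates.length < minSet) {
    warnings.push("small-anonymity-set");
  }
  if (planned.time - planned.ownShieldTime < minDelay) {
    warnings.push("quick-unshield"); // timing alone narrows the candidates
  }
  return { candidateCount: candidates.length, warnings };
}

// Unique amount withdrawn 200 s after shielding: both warnings fire.
console.log(assessUnshield(SAMPLE_SHIELDS, { amount: "1337", ownShieldTime: 4100, time: 4300 }));
// Common amount withdrawn after a long wait: no warnings.
console.log(assessUnshield(SAMPLE_SHIELDS, { amount: "1000", ownShieldTime: 1000, time: 9000 }));
```

A clean result does not show that an unshield is unlinkable; it only rules out the three signals listed above.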

Functional Limitations

No partial withdrawals:

  • Must withdraw entire note
  • Create change note if needed

Proof generation:

  • 10-30 seconds per proof
  • Requires significant device resources
  • May be slow on mobile

Scanning:

  • Must scan entire history for balance
  • Slow for new users with old pools

Threat Model

Threats Mitigated

Threat | Mitigation
Balance exposure | Notes are encrypted
Transaction tracking | Stealth addresses, ZK proofs
Double spending | Nullifier tracking
Note forgery | ZK proof verification
Unauthorized spending | Spending key requirement

Threats NOT Mitigated

Threat | Why Not
Key compromise | User responsibility
Malicious frontend | Trust in app
Trusted setup corruption | Ceremony integrity
51% attack | Chain security
Quantum computers | Future concern

Responsible Disclosure

If you discover a security vulnerability:

  1. Do not publicly disclose until fixed
  2. Do not exploit the vulnerability
  3. Contact us via Telegram (DM an admin)
  4. Include detailed reproduction steps
  5. Allow reasonable time for fix

We appreciate security researchers helping improve UPP.

Bug Bounty

A formal bug bounty program will be announced before mainnet launch.

Audit Status

Planned Audits

Scope | Auditor | Timeline
Smart contracts | TBD | Before mainnet
ZK circuits | TBD | Before mainnet
Cryptographic review | TBD | Before mainnet

Previous Reviews

None yet - tech preview stage.

Operational Security

For Users

Protect your keys:

  • Never share spending keys
  • Store backups securely
  • Use hardware wallets when possible

Verify transactions:

  • Check recipient addresses carefully
  • Verify amounts before signing
  • Use official interfaces only

Stay updated:

  • Follow official channels for security updates
  • Update SDK/app promptly
  • Be aware of phishing attempts

For Developers

SDK usage:

  • Always use latest SDK version
  • Validate all inputs
  • Handle errors gracefully
  • Never log sensitive data

Integration:

  • Audit integration code
  • Test on testnet first
  • Monitor for unusual activity

Testnet vs Mainnet

Testnet (Current)

  • Test tokens only (no value)
  • Bugs expected
  • May reset without notice
  • Not for sensitive data

Mainnet (Future)

  • Real value at stake
  • Audited code
  • Production monitoring
  • Incident response plan

Disclaimers

No Warranty

UPP is provided "as is" without warranty of any kind. The developers are not liable for any losses resulting from use of the software.

Not Financial Advice

Nothing in this documentation constitutes financial, legal, or tax advice. Consult professionals for your specific situation.

Regulatory Compliance

Users are responsible for complying with applicable laws and regulations in their jurisdiction. UPP provides tools for compliance but does not guarantee regulatory approval.

Experimental Technology

Zero-knowledge cryptography and privacy-preserving finance are emerging fields. Unforeseen issues may arise. Use at your own risk.
