Proposal: Canton Security Framework

Development Fund Proposal Submission

Proposal file: /proposals/canton-security-framework.md

Tech and Ops Committee Champion: Canton Foundation

Summary

CredShields Technologies proposes the Canton Security Framework (CSF), an open-source security methodology purpose-built for DAML-based applications on Canton, alongside a Canton-native AI-powered security validation CLI tool. The framework introduces a structured taxonomy of Canton-specific vulnerabilities such as signatory/controller misconfigurations, divulgence risks, CIP-56 authentication gaps, cross-domain Byzantine participant exploits, and package upgrade compatibility issues. Deliverables include a DAML Workflow Security Checklist, CIP-56 Security Validation Guidelines, two reference security analyses, a public developer documentation site, and an open-source validation tool. The proposal requests $62,500 over an 18-week delivery timeline, with all outputs published publicly for the broader Canton ecosystem.

Checklist

• [x] Proposal file added under /proposals/
• [x] Milestones and funding amounts defined
• [x] Acceptance criteria included
• [x] Alignment with Canton priorities described

Notes for Reviewers

This proposal focuses exclusively on open-source security infrastructure for the Canton ecosystem, including the CSF taxonomy, validation rules, CLI tooling, checklists, guidelines, and documentation. The work is designed specifically for DAML and Canton rather than adapted from EVM-based tooling. The framework is modelled on the OWASP Smart Contract Weakness Enumeration methodology and will be published publicly under an open-source licence. CredShields brings prior experience co-authoring OWASP smart contract standards, completing over 6 million scans, building 700+ AI vulnerability detectors, and performing 350+ security audits. The proposal also includes a 12-month post-publication maintenance commitment for all deliverables.