Development Fund Proposal Submission
Proposal file: composable-key-threat-audit-proposal.md
---
Summary
The proposal is for a key-threat-based security audit of Canton's Scala codebase by Composable Security. Rather than an exhaustive line-by-line review, the audit prioritizes the highest-impact threats and focuses deep manual review on the code paths where those threats materialize (sequencer, mediator, participant nodes, cross-domain protocols, and API surfaces).
Value to the Canton ecosystem: The audit delivers actionable, code-level security findings with proof-of-concept exploits and specific fix recommendations. This directly supports the Development Fund's mandate (CIP-0082) to invest in security as a core public good, while providing the Tech & Ops Committee and network operators with verified assurance as the ecosystem scales with new Super Validators, token registries, and dApp integrations.
---
Checklist
- [x] Proposal file added under /proposals/
- [x] Milestones and funding amounts defined
- [x] Acceptance criteria included
- [x] Alignment with Canton priorities described
---
Notes for Reviewers
Why this methodology for Canton: Canton's codebase is large and complex. A uniform audit at this budget would spread effort thin and likely miss the bugs that matter. Key-threat-based auditing concentrates review on the code paths where exploits actually happen; this is how we found critical vulnerabilities in other Scala L1 implementations.
Why Composable Security: We have direct experience with (1) Scala-based blockchain implementations, (2) permissioned multi-operator ledger systems (Hyperledger Fabric for banking consortia), and (3) complex off-chain infrastructure (Lido's off-chain oracle). Canton sits at the intersection of all three. We are not learning on this engagement.