Skip to content

Tracker: SPEC v0.2 review findings (June 2026) #23

Description

@iret77

Umbrella issue for the June 2026 review of SPEC.md v0.2. All findings carry the spec-review label; severity is on each issue.

Critical (implementation blockers / security)

High

Medium

Opportunities

Suggested order of attack

  1. §6.1/§6.3: Signature input and hash coverage of proof[] are undefined #4, §7.4: N-party accepts conflict with the linear hash chain #5 — pure spec-text fixes, unblock any implementation work.
  2. §6.2.1/§13: Uncontested enforcement requires contract-readable anchor state — missing DLT requirement #6, §6.5: PQC-gated status mutation is impractical to enforce on-chain as specified #7 — architectural decisions that shape the settlement-interface design; resolve before Phase-2 PoC.
  3. §5.3: Mandate revocation enables TOCTOU/repudiation via a mutable HTTPS status list #8, §8.3/§9.2: VRF witness/arbiter selection is grindable #9, §9.4: No evidence window or ruling deadline — escrow can be stranded in CHALLENGED #10, §9.4/§6.2.1: Asserter bond is SHOULD-only — false assertions are free (and the two sections contradict each other) #12, §9.3/§7.4: Permissionless anchoring enables thread pollution and dispute-freeze griefing #13 — security/liveness; mostly additive normative rules.
  4. Rest in severity order; §7.4/§10: No mutual-settlement fast path — every payment waits out the challenge window #14/§7: No amendment or mutual rescission after ACCEPTED/EXECUTED #15/§7: Milestone / partial-performance support #22 fit naturally together (they all touch mutual co-signed Objects and the basis: "mutual_settlement" directive).

Metadata

Metadata

Assignees

No one assigned

    Labels

    spec-reviewFindings from the v0.2 spec review (June 2026)

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions