docs: storage audit — no PII in contract storage by devSoniia · Pull Request #3 · devSoniia/paystream-contracts

devSoniia · 2026-04-26T13:20:12Z

Summary

Completes the storage audit required by Vera3289#67.

What was audited

Every DataKey variant in contracts/stream/src/types.rs and every TokenDataKey variant in contracts/token/src/types.rs, across all three Soroban storage tiers (persistent, instance, temporary).

Findings

No PII or sensitive off-chain data found. All stored values are cryptographic addresses, numeric amounts, boolean flags, or enumerations.

Full findings documented in docs/security/storage-audit.md.

Checklist

Storage audit completed
No PII in any storage value
Audit findings documented in docs/security/storage-audit.md

Closes Vera3289#67

Audits all DataKey and TokenDataKey variants across both contracts. No PII found. Documents methodology, findings, and recommendations. Closes Vera3289#67

docs: add storage audit confirming no PII in contract storage

12e1f63

Audits all DataKey and TokenDataKey variants across both contracts. No PII found. Documents methodology, findings, and recommendations. Closes Vera3289#67

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: storage audit — no PII in contract storage#3

docs: storage audit — no PII in contract storage#3
devSoniia wants to merge 1 commit into
mainfrom
feat/storage-audit-67

devSoniia commented Apr 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

devSoniia commented Apr 26, 2026

Summary

What was audited

Findings

Checklist

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant