1. Summary
| Category | Items | Passed | Failed | Pending |
|---|---|---|---|---|
| Consensus invariants | 4 | 4 | 0 | 0 |
| Hash function isolation (incl. B3PoW-Scratch sub-checks) | 4 | 4 | 0 | 0 |
| Network isolation | 1 | 1 | 0 | 0 |
| Wallet & address safety | 2 | 2 | 0 | 0 |
| Build / regression | 2 | 2 | 0 | 0 |
| Attack simulation | 1 | 1 | 0 | 0 |
| Operator tools (M-14 + monitoring) | 1 | 1 | 0 | 0 |
| Total | 15 | 15 | 0 | 0 |
2. Checklist
| ID | Item | Script | Status | Detail |
|---|---|---|---|---|
| C-1 | Block subsidy halves at every 210 000 blocks | audit-supply-cap.py | PASS | page |
| C-2 | Total supply caps at 20 999 999.97690000 B3C | audit-supply-cap.py | PASS | page |
| C-3 | Subsidy returns 0 after halving 64 | audit-supply-cap.py | PASS | page |
| C-4 | Difficulty retarget enforces 4× bounds | audit-supply-cap.py | PASS | page |
| H-1 | PoW / Block-ID hash isolation (B3PoW-Scratch v1.1.1 vs SHA-256d) | audit-b3pow-isolation.py | PASS | page |
| H-1.1 | B3PoW verifier wall-clock budget enforcement (BLOCK_POW_BUDGET → Misbehaving) | audit-b3pow-budget.py | PASS | page |
| H-1.2 | LRU scratchpad cache wiring (b3pow::Cache & b3pow_cache_tests) | audit-b3pow-cache.py | PASS | page |
| H-1.3 | MAX_B3POW_VERIFY_PER_BATCH HEADERS-cap enforcement | audit-b3pow-headers-cap.py | PASS | page |
| N-1 | Bitcoin magic / DNS seed isolation | audit-network-isolation.py | PASS | page |
| W-1 | Bitcoin address rejection (36 samples) | audit-address-rejection.py | PASS | page |
| W-2 | HD wallet BIP44 coin_type 9333 | audit-hd-coin-type.py | PASS | page |
| B-1 | BLAKE3 primitive determinism (SIMD vs portable C) | audit-simd-blake3.py | PASS | page |
| B-2 | Rebranding regression scan | audit-rebranding.sh | PASS | page |
| A-1 | 51% attack live regtest demo | audit-51-attack-sim.py | DEMO | page |
| A-10 | M-14 operator-pinned chain-recovery RPCs (finalizeblock, unfinalizeblock, parkblock, unparkblock, getfinalizedblockhash) — persistence + bypass-path coverage | src/rpc/blockchain.cpp, src/validation.cpp, src/node/blockstorage.cpp | PASS | page |
3. Run the whole suite
```
cd b3chain
bash contrib/testing/audit/run-all.sh
```
Every audit script prints `AUDIT RESULT: PASS` or `AUDIT RESULT: FAIL` on its final line. The wrapper exits with the worst status it observed.
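An added example, not the project's `audit-supply-cap.py`: it recomputes checklist items C-1 to C-3 from the figures in the checklist and reports the outcome using the final-line convention described above. The 50 B3C initial subsidy is an assumption (the page does not state it; it is the value consistent with the C-2 cap at 8 decimals), and all function names are illustrative.

```python
import sys

COIN = 100_000_000                    # base units per B3C (cap is quoted to 8 decimals)
HALVING_INTERVAL = 210_000            # C-1
INITIAL_SUBSIDY = 50 * COIN           # ASSUMPTION: not on the page; consistent with the C-2 cap
EXPECTED_CAP = 2_099_999_997_690_000  # C-2: 20 999 999.97690000 B3C in base units


def block_subsidy(height: int) -> int:
    """Subsidy in base units for the block at `height`."""
    halvings = height // HALVING_INTERVAL
    # C-3: explicit guard. In C++ a shift of a 64-bit value by >= 64 is
    # undefined behaviour, so the zero must not depend on the shift itself.
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def total_supply() -> int:
    """Sum every era's issuance until the subsidy reaches zero."""
    total, era = 0, 0
    while (subsidy := block_subsidy(era * HALVING_INTERVAL)) > 0:
        total += subsidy * HALVING_INTERVAL
        era += 1
    return total


def audit() -> dict:
    """Return {check id: bool} for C-1..C-3."""
    h = HALVING_INTERVAL
    eras = range(1, 65)
    # Subsidy halves exactly at each boundary and is constant inside an era.
    halves = all(block_subsidy(n * h) == block_subsidy(n * h - 1) // 2 for n in eras)
    flat = all(block_subsidy((n - 1) * h) == block_subsidy(n * h - 1) for n in eras)
    beyond = (64 * h, 65 * h, 1_000 * h)
    return {
        "C-1": halves and flat,
        "C-2": total_supply() == EXPECTED_CAP,
        "C-3": all(block_subsidy(x) == 0 for x in beyond),
    }


if __name__ == "__main__":
    passed = all(audit().values())
    print("AUDIT RESULT: PASS" if passed else "AUDIT RESULT: FAIL")
    sys.exit(0 if passed else 1)
```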
4. Findings & remediation (first run)
The first end-to-end run caught real regressions left over from the rebranding pass. They were fixed in the same commit set as the audit framework. Full table in `doc/SECURITY-AUDIT.md`.
- 5 leftover Qt `tr()` strings still said "Bitcoin" instead of "B3Chain" — fixed.
- One RPC error message in `src/rpc/rawtransaction_util.cpp` still said "Invalid Bitcoin address" — fixed.
- `doc/Doxyfile.in` still set `PROJECT_NAME = "Bitcoin Core"` — fixed.
- ~30 references to `bitcoind`/`bitcoin-cli` in `contrib/*/README.md` — bulk-renamed.
5. Source files
- `doc/SECURITY-AUDIT.md` — master checklist
- `contrib/testing/audit/` — audit scripts
- `src/test/audit/consensus_invariants_tests.cpp` — C++ counterpart