Security Policy – MoltShell

MoltShell is committed to maintaining the highest security standards. We take all security vulnerabilities seriously and appreciate responsible disclosure from the security research community.

Security Overview

MoltShell is built with security as a foundational principle. As a post-quantum blockchain designed for Digital Euro infrastructure, we employ cutting-edge cryptographic primitives that are resistant to both classical and quantum computing attacks.

Cryptographic Specifications

Digital Signatures

Algorithm Dilithium2

Standard NIST FIPS 204

Security Level NIST Level 2

Public Key 1,312 bytes

Signature 2,420 bytes

Hashing & Encryption

Hash Function BLAKE3

Address Encoding Bech32m

Wallet Encryption AES-256-GCM

Key Derivation PBKDF2

Responsible Disclosure

If you discover a security vulnerability in MoltShell, please report it responsibly:

Do not publicly disclose the vulnerability until we have addressed it
Do not exploit the vulnerability beyond what is necessary to demonstrate it
Provide sufficient detail to reproduce and understand the issue
Allow reasonable time for us to address the vulnerability before public disclosure

How to Report

Please send all security reports to:

Email: security@technology-institute.eu

Include the following information:

Description of the vulnerability
Steps to reproduce the issue
Potential impact assessment
Any suggested remediation (if applicable)
Your contact information for follow-up

Response Timeline

Initial Response: Within 48 hours
Status Update: Within 7 days with initial assessment
Resolution Target: Critical vulnerabilities within 30 days

Bug Bounty Program Coming Soon

We are developing a formal bug bounty program to reward security researchers who help us identify and fix vulnerabilities. Details will be announced when the program launches.

Security Audit Status

⚠️ Testnet Notice: MoltShell is currently in testnet phase. While we employ rigorous security practices, the codebase has not yet undergone a formal third-party security audit. Please do not use testnet tokens for anything of real value.

Planned Audits:

Cryptographic implementation review (Dilithium2, BLAKE3)
Consensus mechanism audit (CometBFT integration)
Transaction validation audit
Wallet security audit (key management, encryption)

Scope

The following are considered in-scope for security reports:

Core blockchain protocol (consensus, transaction processing)
Cryptographic implementations
Wallet and key management
API endpoints and authentication
Web interfaces (moltshell.io)

Out of Scope

Social engineering attacks on team members
Physical attacks on infrastructure
Denial of service attacks
Issues already known and being addressed
Third-party dependencies with their own disclosure processes

Contact

For security-related inquiries:

Security Team
Technology Institute UG (haftungsbeschränkt)
Email: security@technology-institute.eu

For general inquiries: info@technology-institute.eu