RaycashDocs
Security

Audits

External security reviews of the Raycash protocol and app.

Security claims are only as good as their verification. This page tracks external reviews of the Raycash contracts and app. It will be kept current as audits complete.

Smart contract audits

No audits published yet. Updates will land here as they complete.

Scope planned for audit:

  • RaycashWrapper — the core confidential token wrapper (ERC-7984 + async wrap/unwrap + hook system)
  • RaycashDepositor — CREATE2 counterfactual deposit contract
  • RaycashKycHook — transfer-time policy enforcement
  • RaycashKycAttesterResolver — EAS-based attestation
  • CardChargesEscrow — card settlement escrow

Cryptographic review

Raycash relies on Zama's FHEVM for its FHE primitives. Zama publishes their own security analysis and audit reports. We do not re-audit Zama's construction; we audit our use of it.

Mobile app review

Bug bounty

We intend to run a bug bounty program covering contracts and the mobile app. Details will be published here once it's live.

Responsible disclosure

If you believe you've found a vulnerability, please report it privately before public disclosure.

Expected response: acknowledgement within two business days, status update within a week. We will credit reporters (with permission) in our audit log.

Audit log

A chronological list of reviews, reports, and material security changes will appear here as the program matures.

Was this page helpful?

Key management

Where your key lives, how it's protected, and what Raycash servers can and cannot touch.

Protocol Overview

Design principles and component map of the Raycash protocol.

On this page

Smart contract auditsCryptographic reviewMobile app reviewBug bountyResponsible disclosureAudit log