Security Model
Defense-in-depth architecture. Five concentric layers of security inherited from Ethereum, ensuring protocol integrity through cryptographic guarantees and economic incentives.
Defense-in-Depth
Five concentric layers of security, from Ethereum settlement to cryptographic primitives.
Ethereum Settlement
State roots committed to Ethereum L1. Final arbiter of security. 7-day challenge window for fraud proof submission.
Fraud Proofs
Interactive bisection protocol verified on Ethereum. Single honest participant property — only one honest validator needed to challenge invalid state.
Validator Oversight
Top 100 validators by stake, 95% uptime requirement. Slashing: 5% for offline, 25% for invalid fraud proof, 100% for double-signing.
Deterministic Execution
EVM bytecode compatibility ensures identical state transitions across all validators. No non-deterministic behavior.
Cryptographic Primitives
Keccak-256 hashing, ECDSA signatures, ChaCha20-Poly1305 encryption, Merkle-Patricia Trie state commitments.
Source: XHAVIC Technical Whitepaper v1.0, Figure 6
Interactive Fraud Proofs
Bisection protocol narrows disputes to a single EVM instruction. O(log n) proof generation complexity.
Xhavic uses an interactive bisection protocol for fraud proof verification. When a validator disputes a state root, the protocol narrows down the disagreement to a single EVM instruction, which is then verified on Ethereum L1.
Single honest participant property: Only one honest validator is needed to successfully challenge an invalid state transition. The protocol does not rely on a majority of validators being honest.
Challenge Submitted
Validator disputes state root on L1
Interactive Bisection
Narrow disagreement to single instruction
L1 Resolution
Ethereum verifies the single instruction & slashes malicious party
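The bisection game described above, as an added example that is not Xhavic's code or taken from the whitepaper. The two-opcode toy VM, the use of SHA-256 as a stand-in for Keccak-256, and all function names are assumptions made for illustration.

```python
import hashlib

def h(state):
    # SHA-256 stands in for Keccak-256, which Python's standard library lacks.
    return hashlib.sha256(repr(state).encode()).hexdigest()

def step(state, instr):
    """Toy deterministic VM (assumption): state is (accumulator, pc)."""
    (op, arg), (acc, pc) = instr, state
    acc = (acc + arg if op == "ADD" else acc * arg) % 2**256
    return (acc, pc + 1)

def run(program, state, upto):
    """Honestly execute the first `upto` instructions."""
    for instr in program[:upto]:
        state = step(state, instr)
    return state

def trace(program, start, corrupt_at=None):
    """Commitments h(state) after 0..n instructions; optionally one bad transition."""
    state, hashes = start, [h(start)]
    for i, instr in enumerate(program):
        state = step(state, instr)
        if i == corrupt_at:
            state = (state[0] + 1, state[1])  # the invalid state transition
        hashes.append(h(state))
    return hashes

def bisect(asserter, challenger):
    """Narrow the dispute to adjacent indices: agree at lo, disagree at hi."""
    lo, hi, rounds = 0, len(asserter) - 1, 0
    if asserter[lo] != challenger[lo] or asserter[hi] == challenger[hi]:
        raise ValueError("nothing to dispute")
    while hi - lo > 1:
        mid = (lo + hi) // 2
        lo, hi = (mid, hi) if asserter[mid] == challenger[mid] else (lo, mid)
        rounds += 1
    return lo, hi, rounds

def resolve_on_l1(program, pre_state, lo, hi, asserter):
    """Re-execute only instruction `lo`; return the party that loses its stake."""
    if h(pre_state) != asserter[lo]:
        raise ValueError("pre-state does not match the agreed commitment")
    return "asserter" if h(step(pre_state, program[lo])) != asserter[hi] else "challenger"

# Constructed sample input: a 1000-instruction program and its start state.
START = (1, 0)
PROGRAM = [("MUL", 3) if i % 3 == 0 else ("ADD", i) for i in range(1000)]
```

A 1000-step dispute is settled in at most 10 bisection rounds plus one instruction executed by the arbiter. A `"challenger"` result is the case the page penalizes as an invalid fraud proof.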
Validator System
Economic security through XHAV staking, slashing, and performance requirements. Anyone can become a validator by staking XHAV tokens.
| Parameter | Value | Details |
|---|---|---|
| Active Set | Top 100 | Selected by stake weight (XHAV token). Anyone can become a validator candidate by staking. |
| Selection Model | Stake-weighted | Validators ranked by total stake, historical uptime, and performance metrics. |
| Delegation | Supported | Token holders can delegate stake to validators. Delegators share in rewards and slashing. |
| Uptime Requirement | 95% | 30-day rolling. Below threshold: jailed, rewards paused, recovery period required. |
| Challenge Window | 7 days | Period for fraud proof submission after state root commitment to Ethereum. |
| Offline Slashing | 5% | Stake slashed for extended downtime that takes uptime below the 95% threshold. Gradual penalty. |
| Invalid Fraud Proof | 25% | Stake slashed for submitting a fraudulent challenge. Deters griefing attacks. |
| Double-Signing | 100% | Full stake slashed. Maximum penalty for the most severe protocol violation. |
| Epoch Duration | 2 hours | Validator set recomputed each epoch based on stake and performance. |
| Tie-Breaking | Deterministic | Uptime → Staking duration → Performance metrics → Hash-based lottery. |
Source: XHAVIC Technical Whitepaper v1.0, Table 3
Cryptographic Primitives
Battle-tested cryptographic building blocks powering protocol integrity.
Keccak-256
Hash Function
State hashing, address derivation, and Merkle tree construction. The same hash function used by Ethereum, ensuring full compatibility and proven security.
ECDSA (secp256k1)
Signatures
Transaction signing and validator authentication. Elliptic curve cryptography for secure identity verification.
ChaCha20-Poly1305
Encryption
Threshold encryption for MEV protection. Authenticated encryption with associated data (AEAD) for secure communications.
Merkle-Patricia Trie
State Structure
State commitment, inclusion proofs, and data integrity verification. Enables efficient proof generation for fraud proof challenges and state synchronization across nodes.
Source: XHAVIC Technical Whitepaper v1.0, Table 5
Censorship Resistance
Multiple mechanisms ensure no single entity can censor transactions.
Sequencer Censorship
Force-include mechanism via L1. Users can submit transactions directly to Ethereum, bypassing the sequencer entirely. Penalties: stake slashing + reward loss + suspension.
State Root Manipulation
Interactive bisection fraud proofs. Any validator can challenge invalid state within the 7-day window. Single honest participant is sufficient.
Data Withholding
Transaction data posted to Ethereum calldata. Full state reconstructible from L1 data. Redundant off-chain copies maintained.
Force-Include via L1
If the sequencer censors a transaction, users can submit it directly to the Ethereum L1 CanonicalTransactionChain contract. The sequencer is contractually obligated to include force-included transactions within a specified window.
Security Audit Progress
Transparent audit timeline and milestones.
Internal Security Review
Comprehensive internal audit of smart contract logic, sequencer code, and fraud proof implementation. All critical findings addressed and mitigated.
Testnet Deployment & Bug Bounty
Public testnet launch with active bug bounty program. Community-driven security testing and stress testing of all protocol components.
External Audit — Phase I
Independent third-party audit of core smart contracts and bridge mechanisms. Focus on L1 settlement contracts and fraud proof verification logic.
External Audit — Phase II
Full protocol audit including sequencer, validator economics, and cryptographic implementations. Final audit report published publicly.
Mainnet Launch
Production deployment with all audit findings resolved. Ongoing bug bounty and continuous security monitoring.