From e5360aa9996c08df2e62ce6cb1682b966a5fd76f Mon Sep 17 00:00:00 2001 From: satyakwok Date: Thu, 7 May 2026 16:14:35 +0200 Subject: [PATCH] docs: prototype banner + scoped SECURITY (audit H1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Solux currently has zero crypto implementation — no key generation, no signing, no on-chain integration. README previously positioned the app as a 'self-custody mobile wallet'; users could install the APK believing they could store real SRX in it. The 'Send', 'View Seed Phrase', and 'Export Private Key' buttons are non-functional placeholders. Per 2026-05-07 audit (audits/2026-05-07-solux-audit.md H1), add a prototype banner at the top of README and update SECURITY.md scope to reflect that key-handling reports won't apply until the crypto layer lands. The repo IS still receiving security reports for UI/ build/deps vulns — that scope is preserved. --- README.md | 4 +++- SECURITY.md | 14 +++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ff41a5e..a5cf064 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,9 @@ [![Latest release](https://img.shields.io/github/v/release/Sentriscloud/solux?include_prereleases&sort=semver)](https://github.com/Sentriscloud/solux/releases/latest) -Self-custody mobile wallet for [Sentrix Chain](https://sentrixchain.com) (SRX). Flutter, multi-platform (Android primary; iOS, macOS, Linux, Windows targets supported). +> ⚠️ **PROTOTYPE — DO NOT SEND REAL FUNDS.** This repository currently contains UI scaffolding only. There is no key generation, no signing, no on-chain integration. The "send", "view seed phrase", and "export private key" buttons are non-functional placeholders. Treat any APK built from this repository as a design preview, NOT a working wallet. Crypto layer (key gen, BIP-39 seed, transaction signing, RPC integration) is on the roadmap; this README will be updated when those land. + +UI prototype for a future self-custody mobile wallet on [Sentrix Chain](https://sentrixchain.com) (SRX). Flutter, multi-platform (Android primary; iOS, macOS, Linux, Windows targets supported). Part of the [SentrisCloud](https://github.com/sentriscloud) product suite. diff --git a/SECURITY.md b/SECURITY.md index 019be6f..9653378 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -21,12 +21,16 @@ Please include: ## Scope -In scope: +This repository is currently a **UI prototype** — no key generation, signing, or chain integration is implemented. Any "wallet" path in the app is a non-functional placeholder. -- Smart contracts deployed via canonical addresses on Sentrix Chain (chain ID 7119 mainnet, 7120 testnet) -- Sentrix node binary (consensus, state, EVM) -- Frontend apps that handle user keys or balances (faucet, scan, coinblast, dex, solux) -- Indexer / SDK that touches user-controlled data +Reports about UI/UX, build pipelines, and dependency vulnerabilities are still in scope. Reports about key handling / signing / sending funds are not applicable until the crypto layer lands (see README). + +In scope when crypto layer lands: + +- Key generation, storage, signing +- Transaction construction + RPC integration +- Mnemonic / seed handling +- Build configs (release signing, ProGuard / R8) Out of scope:
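Review bot: In the README.md hunk, the warning is added only as a README blockquote, while the release badge in the context line directly above it still links to releases/latest, so someone who installs an APK from the release page never sees it. The commit message names exactly that case (users installing the APK believing they can store real SRX in it). Consider repeating the warning in the release notes and inside the app, or disabling the "send", "view seed phrase" and "export private key" buttons until the crypto layer exists; a docs-only change leaves the placeholder buttons in the app as they were.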
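Review bot: In the SECURITY.md hunk, the last added bullet, "Build configs (release signing, ProGuard / R8)", sits under "In scope when crypto layer lands", but the added paragraph just above it says build pipelines are in scope now. Move that bullet into an explicit "In scope now" list together with UI/UX and dependency vulnerabilities, which currently appear only in prose, so the two statements no longer contradict each other. The hunk also removes the entries for smart contracts, the node binary, the other frontends (faucet, scan, coinblast, dex) and the indexer / SDK without saying where those reports should go; if they are handled elsewhere, add a pointer so reporters still have a channel.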