an honest threat model — consensus · economics · contracts · bridge trust · self-mining · governance · ops · web
⚠ Scope & honesty. This is an internal self-review, not a third-party security audit. Every smart
contract here is unaudited and LIQUA is experimental devnet software — tokens carry no monetary value.
Most items below are mainnet risks: acceptable on devnet today, but must be resolved (and a professional audit
obtained) before the Aug 1 2026 mainnet. Severities are judged at mainnet value; status notes what's already
handled. No item is a known funds-loss exploit on the current devnet.
ALLHIGHMEDIUMLOWINFO
Method. A reasoned review of the system's invariants, trust assumptions, and failure modes — read against
the code and the spec, not a scanner. Severity (at mainnet value):
High resolve before mainnet ·
Medium fix / harden ·
Low minor / cleanup ·
Info note. Status:
Open needs work ·
Verify confirm in code ·
Mitigated addressed ·
Accepted devnet tradeoff by design.
Pairs with the automated link & nav audit.