All notable changes to SolVoid will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- CRITICAL: Fixed OS Command Injection vulnerability in `ceremony/coordinator.ts` (CVE-pending)
  - Replaced all vulnerable `execSync` calls with safe `spawnSync` using array-based arguments
  - Added `safeExec()` helper function with `shell: false` to prevent shell interpretation
  - Added `sanitizeInput()` function to strip dangerous characters from user input
  - Added `validatePath()` function for path traversal protection
  - Affected functions: `initialize()`, `contribute()`, `finalize()`
  - Attack vector: Malicious contributor names could execute arbitrary shell commands
  - Severity: Critical (CVSS 9.8)
- Ceremony coordinator now uses `spawnSync` instead of `execSync` for all external commands
- User-provided contributor names are sanitized before use in snarkjs commands
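
A sketch of the hardening pattern this entry describes, added here as an example and not taken from SolVoid's source. The function names match the entry, but their bodies, the character allowlist, the `/srv/ceremony` directory and the `echoArgument` stand-in (a child Node process in place of snarkjs) are assumptions.

```javascript
// Added illustration: function names follow the changelog entry; every body
// below is an assumption, not SolVoid's implementation.
const { spawnSync } = require("node:child_process");
const path = require("node:path");

// Argument array plus shell: false, so no shell ever parses the arguments.
function safeExec(command, args) {
  const result = spawnSync(command, args, { shell: false, encoding: "utf8" });
  if (result.error) throw result.error;
  if (result.status !== 0) {
    throw new Error(`${command} exited with status ${result.status}: ${result.stderr}`);
  }
  return result.stdout;
}

// Allowlist instead of blocklist. Leading dashes are dropped as well, because
// without a shell a value can still be misread by the tool as an option.
function sanitizeInput(value, maxLength = 64) {
  const cleaned = String(value)
    .replace(/[^A-Za-z0-9_.-]/g, "")
    .replace(/^-+/, "")
    .slice(0, maxLength);
  if (cleaned.length === 0) throw new Error("input is empty after sanitization");
  return cleaned;
}

// Lexical containment check; symlinks inside baseDir are not resolved here.
function validatePath(baseDir, candidate) {
  const base = path.resolve(baseDir);
  const resolved = path.resolve(base, candidate);
  if (resolved !== base && !resolved.startsWith(base + path.sep)) {
    throw new Error(`path escapes ${base}: ${candidate}`);
  }
  return resolved;
}

// Stand-in for an external tool: a child process that writes back its argument.
function echoArgument(arg) {
  const script = "process.stdout.write(process.argv[1])";
  return safeExec(process.execPath, ["-e", script, arg]);
}

// Constructed sample resembling the contributor-name vector in the entry.
const sampleName = "alice; echo INJECTED";
console.log(JSON.stringify(echoArgument(sampleName))); // one literal argument
console.log(sanitizeInput(sampleName));
console.log(validatePath("/srv/ceremony", "round1/contribution.ptau"));
```

The first call shows that `shell: false` alone keeps the `;` inert. Sanitization and the leading-dash check are defense in depth for the tool that eventually parses the value.
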
- `CHANGELOG.md` for comprehensive version history
- GitHub Actions release workflow for automated npm/GitHub publishing
- npm version, downloads, and GitHub release badges in README
- Unified documentation and cleanup of legacy files
- Streamlined codebase with removal of deprecated modules
- Full production-ready RescueEngine implementation
- Jito-MEV bundle integration for atomic asset recovery
- Economic Safety Layer with circuit breaker controls
- Emergency fee multiplier system (1x-10x)
- RescueEngine build errors resolved
- TypeScript compilation issues in SDK
- Production migration path finalized
- Upgraded to production-grade error handling
- Improved vault PDA derivation logic
- Administrative SDK methods (`triggerEmergencyMode`, `disableEmergencyMode`)
- Circuit breaker controls (`triggerCircuitBreaker`, `resetCircuitBreaker`)
- Enhanced CLI admin commands
- SDK build errors for administrative infrastructure
- Method signature alignment across modules
- Achieved visual parity between GitHub and npm READMEs
- Unified documentation styling across platforms
- Comprehensive ecosystem documentation
- ZK circuits reference guide
- Jito-MEV integration docs
- QA standards documentation
- Merged ecosystem docs into SDK README
- Synchronized SDK documentation
- Version bump for documentation updates
- Professionalized release documentation
- Enhanced README formatting
- Synchronized `prepareWithdrawal` with updated `generateZKProof` signature
- Path normalization across codebase
- Professionalized documentation and source code comments
- Major codebase sanitization
- Minor bug fixes and stability improvements
- Post-release hotfixes
- Package configuration corrections
- Ghost Score privacy reputation system
- Shadow Relayer network with onion routing (1-5 hops)
- CLI tools (`shield`, `withdraw`, `ghost`, `rescue`, `admin`)
- TypeScript SDK with full type definitions
- Upgraded Merkle tree implementation
- Enhanced ZK proof generation pipeline
- ZK-SNARK Privacy Engine: Groth16 proofs on BN254 curve
- Poseidon-3 Hashing: Circuit-optimized hash function with cross-platform parity
- On-Chain Program: Anchor-based Solana program with depth-8 Merkle tree
- Root History: 50-root sliding window for proof freshness
- Nullifier Protection: PDA-based double-spend prevention
- Non-custodial shielded pool architecture
- Deposit and withdrawal lifecycle management
- Field element validation for BN254 compliance
- TypeScript SDK (`SolVoidClient`)
- Basic CLI interface
- Integration test suite
- npm: npmjs.com/package/solvoid
- GitHub: github.com/brainless3178/SolVoid
- Documentation: README.md