This page summarizes the security guarantees Tachyon stands behind. For the integrator-facing privacy breakdown, see privacy guarantees.

Properties Tachyon guarantees

Property | What it means
Confidentiality | Intent contents are end-to-end encrypted. Only the user (via viewing key) and the assigned solver can read an intent.
Integrity | Settlement transactions are verifiable on-chain. The protocol guarantees an intent settles for the user it was signed by, to the recipient and amount the user authorized.
Availability | A diverse network of solvers means no single party is required for delivery. If solvers don’t fill, users are refunded via the on-chain escape mechanism.
Censorship resistance | The protocol cannot selectively block valid signed intents. The escape mechanism guarantees recoverability of funds independent of any operator’s cooperation.
Compliance compatibility | Confidentiality does not prevent auditability. Selective disclosure lets users grant scoped read access to designated counterparties.

What Tachyon (the organization) cannot see

  • Intent amounts
  • Intent sender or recipient addresses
  • Intent parameters (token pairs, TWAP slices, payroll amounts, x402 merchant addresses)
  • User viewing keys or viewing permission lists
This is by design. The organization is not in a position to leak data it doesn’t hold.

Threat model summary

Threat | Tachyon’s answer
Chain-watching adversary | Sees only stealth-address activity, with no linkage.
Solver trying to read foreign intents | Cannot; solvers only receive intents they have won.
Solver trying to leak intents they did win | Constrained by the protocol; misbehavior is detectable and economically penalized.
Operator trying to read intents | Cannot; the protocol is designed so operators have no plaintext access.
Protocol halt | On-chain escape mechanism returns funds to users.
Future cryptanalysis (incl. quantum) | Hybrid cryptography designed to resist current and future attacks.
For the full per-threat treatment, see privacy guarantees → threat model.

Audits

Audits are in progress. Reports will be published here and linked from this page when complete.

Bug bounty

A formal bug bounty is not active today. Responsible disclosures are still welcome via the channel below.

Status and disclosure

Real-time status is surfaced directly in the user dashboard at testnet.app.tachyon.pe; there is no separate status page today. To report a security vulnerability, email sudeep@tachyon.pe. Please do not open public GitHub issues for security bugs.

Testnet caveats

Tachyon is currently on testnet. The architecture and guarantees are operational on testnet, but you should not use real funds or production data until mainnet launches.
