Audit-readiness pack for SCF Soroban Security Audit Bank submission

.gitignore

@@ -0,0 +1,3 @@
+**/target
+**/node_modules
+**/dist

Makefile

@@ -0,0 +1,53 @@
+# Top-level convenience targets for the stellar-pq workspace.
+#
+# Usage:
+#   make build           # build all three contract WASMs
+#   make build-account   # build only the smart-account WASM
+#   make test            # cargo test on every crate
+#   make e2e             # run the testnet end-to-end harness (assumes `make build` and e2e/.env)
+#   make ct-scan         # rerun the constant-time analysis fixtures
+#   make audit-scan      # rerun cargo audit + clippy across all crates
+
+.PHONY: build build-account build-verifier build-core test e2e ct-scan audit-scan scout-scan clean
+
+CRATES := falcon-512-core soroban-falcon-smart-account soroban-falcon-verifier
+ACCOUNT_WASM := target/wasm32v1-none/release/soroban_falcon_smart_account.wasm
+
+build:
+	@for c in $(CRATES); do \
+		echo "==> stellar contract build -p $$c"; \
+		(cd contracts/$$c && stellar contract build) || exit $$?; \
+	done
+
+build-account:
+	cd contracts/soroban-falcon-smart-account && stellar contract build
+
+build-verifier:
+	cd contracts/soroban-falcon-verifier && stellar contract build
+
+build-core:
+	cd contracts/falcon-512-core && cargo build --release
+
+test:
+	@for c in $(CRATES); do \
+		echo "==> cargo test -p $$c"; \
+		(cd contracts/$$c && cargo test --release) || exit $$?; \
+	done
+
+e2e: build-account
+	cd e2e && bun install --silent && bun run start
+
+ct-scan:
+	bash docs/audit/ct-analysis/run.sh
+
+audit-scan:
+	bash docs/audit/dep-scan/run.sh
+
+scout-scan:
+	bash docs/audit/scout-scan/run.sh
+
+clean:
+	@for c in $(CRATES); do \
+		(cd contracts/$$c && cargo clean); \
+	done
+	rm -rf e2e/node_modules e2e/runs

contracts/falcon-512-core/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "falcon-512-core"
+version = "0.1.0"
+edition = "2021"
+publish = false
+description = "Falcon-512 signature verifier core (no_std, no soroban deps) shared by the verifier and smart-account contracts"
+
+[lib]
+crate-type = ["rlib"]
+
+[dependencies]
+sha3 = { version = "0.10.8", default-features = false }
+
+[profile.release]
+opt-level = "z"
+overflow-checks = true
+debug = 0
+strip = "symbols"
+debug-assertions = false
+panic = "abort"
+codegen-units = 1
+lto = true

contracts/falcon-512-core/src/lib.rs

@@ -0,0 +1,42 @@
+#![no_std]
+
+//! Falcon-512 verifier core.
+//!
+//! Pure, `no_std`, soroban-sdk-free implementation of Falcon-512 signature
+//! verification. Shared by `soroban-falcon-verifier` and
+//! `soroban-falcon-smart-account` so that crypto fixes land in one place.
+
+mod ntt;
+pub mod verify;
+
+pub use verify::FalconVerifier;
+
+// Falcon-512 parameters (fixed by the NIST submission).
+pub const FALCON_512_LOGN: u32 = 9;
+pub const FALCON_512_N: usize = 512;
+pub const FALCON_512_PUBKEY_SIZE: usize = 897;
+
+/// Maximum size in bytes of a Falcon-512 signature that this verifier accepts.
+///
+/// Compressed signatures are variable-length up to 666 bytes; padded signatures
+/// are exactly 666 bytes. The 666-byte cap deliberately forbids the 809-byte
+/// constant-time (CT) format.
+pub const FALCON_SIG_MAX_SIZE: u32 = 666;
+
+/// Minimum size: 1 header byte + 40 nonce bytes + at least one polynomial byte.
+pub const FALCON_SIG_MIN_SIZE: u32 = 42;
+
+/// Exact size of a Falcon-512 signature in padded format.
+pub const FALCON_512_SIG_PADDED_SIZE: usize = 666;
+
+/// Maximum message length that `verify_512` will hash.
+///
+/// Enforced at the contract entry point to rule out buffer truncation; matches
+/// the largest message size the on-chain wrapper is willing to allocate.
+pub const FALCON_MAX_MESSAGE_SIZE: usize = 16384;
+
+/// The prime modulus for Falcon ring arithmetic.
+pub const Q: u32 = 12289;
+
+/// Squared L2 norm bound for Falcon-512 signatures.
+pub const L2_BOUND_512: u32 = 34034726;