Threat Model

This document outlines the security assumptions, threat vectors, and mitigation strategies for the Solana KYC Compliance SDK.

Scope & Assumptions

  • The SDK does not custody user funds
  • The SDK does not store raw identity documents
  • Solana programs are assumed to be publicly readable
  • Off-chain services may be compromised independently

Assets to Protect

  • User identity metadata and verification state
  • Verification proofs and attestations
  • Configuration secrets and provider credentials
  • Authorization logic linking identity to access

Threat Actors

  • Malicious users attempting to bypass KYC controls
  • Compromised client applications or backends
  • Rogue or breached KYC service providers
  • On-chain observers attempting correlation attacks

Key Threats & Mitigations

Identity Data Leakage

Exposure of personal data through logs, storage, or on-chain references.

  • No raw identity data is written on-chain
  • The SDK avoids persistent storage of PII
  • Only abstract verification states are exposed

Verification Replay or Forgery

Reuse or spoofing of verification results.

  • Verification results are scoped and time-bound
  • Provider responses are validated and normalized
  • Optional cryptographic attestations are supported
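
One way a consuming backend could enforce the scoped, time-bound and attested properties listed above, shown as an added example that is not the SDK's own code. The attestation fields (`subject`, `scope`, `issuedAt`, `expiresAt`, `nonce`), the helper names and the choice of an Ed25519 provider key are assumptions made for illustration.

```javascript
// Added illustration, not SDK code. Field names and helpers are hypothetical.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Canonical byte encoding: fixed field order so signer and verifier agree.
function encode(a) {
  return Buffer.from(JSON.stringify([a.subject, a.scope, a.issuedAt, a.expiresAt, a.nonce]));
}

// Provider side (constructed for the demo): sign a result for one scope and time window.
function issueAttestation(privateKey, subject, scope, nowSec, ttlSec, nonce) {
  const body = { subject, scope, issuedAt: nowSec, expiresAt: nowSec + ttlSec, nonce };
  return { ...body, signature: sign(null, encode(body), privateKey).toString('base64') };
}

// Verifier side: returns 'ok' or the reason for rejection.
// seenNonces is a Set the caller must persist for at least the maximum TTL.
function verifyAttestation(att, providerPublicKey, expected, nowSec, seenNonces) {
  const sig = Buffer.from(String(att.signature), 'base64');
  // Signature first: every later check reads fields that are now authenticated.
  if (!verify(null, encode(att), providerPublicKey, sig)) return 'bad-signature';
  if (att.subject !== expected.subject) return 'wrong-subject';
  if (att.scope !== expected.scope) return 'wrong-scope';
  if (nowSec < att.issuedAt || nowSec >= att.expiresAt) return 'expired-or-not-yet-valid';
  if (seenNonces.has(att.nonce)) return 'replayed';
  seenNonces.add(att.nonce);
  return 'ok';
}

// Constructed sample run covering acceptance and each rejection path.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const now = 1700000000;
  const att = issueAttestation(privateKey, 'subject-1', 'pool:accredited', now, 300, 'n-1');
  const expected = { subject: 'subject-1', scope: 'pool:accredited' };
  const seen = new Set();
  return {
    first: verifyAttestation(att, publicKey, expected, now + 10, seen),
    replay: verifyAttestation(att, publicKey, expected, now + 20, seen),
    otherScope: verifyAttestation(att, publicKey, { ...expected, scope: 'pool:retail' }, now + 10, new Set()),
    late: verifyAttestation(att, publicKey, expected, now + 301, new Set()),
    // Extending expiresAt without re-signing must fail the signature check.
    forged: verifyAttestation({ ...att, expiresAt: now + 99999 }, publicKey, expected, now + 301, new Set()),
  };
}
```

The nonce set only needs to retain entries until their attestation's `expiresAt`, since the time-window check rejects anything older.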

On-Chain Correlation Attacks

Linking wallets to real-world identities through repeated usage.

  • The SDK does not require static identifiers
  • Proof references are optional and minimized
  • Applications control disclosure granularity

Provider Compromise

A third-party verification provider is breached or malicious.

  • Provider abstraction prevents hard dependency
  • Multiple providers can be supported
  • No provider receives on-chain authority

Out of Scope

  • End-user device security
  • Wallet-level key compromise
  • Full regulatory compliance guarantees
  • Application-specific access control bugs

Security Posture

The SDK prioritizes minimization, separation of trust, and explicit boundaries over absolute guarantees. Security is treated as an evolving process rather than a static claim.