Skip to main content

Vault Boundaries & Disclosures

WalletWall Vault is a research prototype. It does not custody funds, does not store private keys, does not accept mainnet deposits, and is not an income-generating product or a source of promised returns. The current simulator uses mock testnet assets with no monetary value. Nothing here constitutes a guarantee of quantum-proof protection.
This page is the public-facing statement of what WalletWall’s vault surfaces are and are not.
SurfaceRouteRole
Stablecoin Vaultvault.walletwall.org / /stablecoin-vaultFlagship vault readiness journey — four-outcome readiness assessment, no custody
Vault Simulator/vaultSepolia testnet rehearsal detail — hybrid PQ authorization simulation, surfaced from the Testnet Rehearsal outcome
It applies to the vault readiness scanner, the connected testnet dashboard, and all vault-related surfaces. Neither surface involves real funds, mainnet deposits, or production-grade quantum verification. Today, production WalletWall app surfaces display readiness and simulator status. The connected simulator is limited to local Hardhat or Sepolia rehearsal/dev flows; any simulator writes are testnet-only, are not production product behavior, and must never target mainnet, real stablecoins, deposits, withdrawals, or custody.

No custody

WalletWall does not take custody of user funds — at any time, in any form.
  • No key storage. WalletWall never stores, receives, transmits, or logs private keys, seed phrases, or mnemonic words. There is no input field, API endpoint, or database that accepts key material.
  • No signing authority. WalletWall constructs unsigned, human-readable EIP-712 typed messages for user review. The user’s own wallet provider signs. WalletWall holds no signing key.
  • No discretionary control. WalletWall never has authority to move, freeze, or recover funds without an explicit, per-action signature from the user.
  • No seed phrase requests. WalletWall will never ask for a seed phrase or mnemonic. Any surface requesting mnemonic material is not WalletWall.
The readiness scanner is fully read-only — no wallet connection, signature, or transaction is required to scan an address.

No income-generating product or advice

WalletWall is wallet intelligence, not a financial product or financial adviser.
  • No income-generating product. No WalletWall surface produces, promises, or simulates income on assets.
  • No promised returns. No annualized rate, income projection, or cash-out countdown.
  • No monetary campaign points. Proof-of-Readiness campaign points are readiness attestations only. They carry no monetary value and no redemption right.
  • No financial advice. All signals, scores, and recommendations are research intelligence and migration-readiness indicators — not investment, tax, legal, or financial advice. Consult a qualified professional for those needs.
  • No insurance. WalletWall makes no insurance claim. No FDIC, SIPC, or any deposit-insurance analogue applies.

Testnet and mock assets only

The vault simulator operates on testnet infrastructure with assets that have no monetary value.
PropertyCurrent state
NetworkLocal Hardhat (chain ID 31337) or Ethereum Sepolia (chain ID 11155111) — rehearsal/dev simulator only
Deposited assetMockUSDC (mUSDC) — a mock USDC-style ERC-20 test token, not real USDC, freely mintable, no monetary value
Mainnet depositsNot supported — blocked at the app and contract level
Real stablecoinsNot accepted — real USDC, USDT, DAI, or any other mainnet asset is never deposited
Audit statusNot audited — this is a research prototype
TESTNET — RESEARCH PROTOTYPE. This vault holds MockUSDC, a mock USDC-style test token with no monetary value on a test network. It is not real USDC, not audited, not production custody, and not protection for real funds.
The Sepolia deployment is a research/testnet simulator, not production custody. Testnet assets are obtained via a testnet faucet. There is no purchase path and no monetary exchange for simulator access.

Quantum-resistance boundaries

The vault prototype demonstrates a hybrid classical + post-quantum authorization model. This is not a guarantee of quantum-proof protection.
  • No “quantum-proof” claim. WalletWall does not assert that any wallet, vault, or asset is quantum-proof, quantum-safe today, or protected from quantum attacks.
  • Trusted attestation, not trustless on-chain PQ. Post-quantum authorization in the prototype uses a trusted attestation path: an authorized attestor verifies ML-DSA-65 off-chain, then publishes a signed EIP-712 attestation on-chain. ML-DSA is not verified on-chain in the current prototype.
  • Mock verifier is structural only. MockMLDSAVerifier is a mock verifier used for simulator structure and testing. It does not perform real on-chain ML-DSA cryptographic verification.
  • Experimental verifier hooks. The IPQCVerifier interface and its implementations are research primitives, not production-grade security.
  • Quantum Intelligence scores are exposure indicators. The Quantum Exposure Score reflects how much signature-exposure risk a wallet has accumulated — it is not a safety certification.
  • Migration Readiness is advisory. The readiness engine produces a guidance outcome (Monitor / Prepare / Testnet Rehearsal / Not Enough Data). It is informational, not a security guarantee.

Production and mainnet custody

No production custody path exists. The following gates would all need to be cleared before any mainnet custody consideration:

G1 — Independent security audit

A completed, published audit of vault contracts and the attestation service by an independent third party. Not started.

G2 — On-chain PQ verification

ML-DSA (FIPS 204) or equivalent verified on-chain, not via a trusted attestor. Research prototype only.

G3 — Legal review

Legal analysis of money-transmission and securities law for target jurisdictions, with appropriate licensing or exemptions. Not started.

G4 — Operational controls

Production key management, incident response, SLA, and continuity documentation. Not started.

G5 — Regulatory clearance

Any required regulatory approval or sandbox participation. Not started.

G6 — Separate mainnet spec

A completely separate product spec, threat model, and audit for any mainnet path. Not started.
Until all six gates are cleared, no WalletWall surface implies that a production or mainnet custody path is live, imminent, or approved.

Repo boundary

The app and the vault contract live in separate repositories with separate responsibilities.
ResponsibilityApp (sirmrdrgod/walletwall)Vault repo (Wallet-Wall/walletwall-vault)
Product UI and intelligence surfaces
Vault readiness workflow and simulator entry
Pinned ABI / EIP-712 schema / deployment config✓ (reference only)✓ (owned)
Smart contracts and mock ERC-20 token
PQ verifier interfaces and implementations
Attestation service
Testnet deployment scripts
Security model and threat model
The app references a pinned ABI and deployment config from the vault repo. Contract source, full ABIs, secrets, and deployment artifacts are never copied into the app repo as a canonical source.

WalletWall Vault feature

Implementation details, authorization flow, deployment status, and approved framing.

Key Management & Recovery Model

Non-custodial hard rules and recovery-path design constraints.