Pali Wallet Security Audit

Governance
, ,
1

Syscoin Governance Proposal — Pali Wallet Security Audit

Requested Amount: 350,000 SYS
Recipient: Syscoin Management Team (SMT)
Purpose: Funding for Pali Wallet Audit by Cyrex
Voting Deadline: November 14th 2025

Vote Yes
gobject_vote_many e97bea5b0d97fd2989464fb7a84469ec656d4de2f0261365bc0d970567cab1b0 funding yes

Vote No
gobject_vote_many e97bea5b0d97fd2989464fb7a84469ec656d4de2f0261365bc0d970567cab1b0 funding no

Vote Abstain
gobject_vote_many e97bea5b0d97fd2989464fb7a84469ec656d4de2f0261365bc0d970567cab1b0 funding abstain

Overview

This proposal requests 350,000 SYS from governance to fund a comprehensive security audit of Pali Wallet, conducted by Cyrex, a professional cybersecurity firm specializing in blockchain and web3 applications.

The total cost of the engagement is €12,800, and the audit will ensure Pali Wallet meets the highest standards of security and integrity before wider ecosystem integrations and user expansion.

Motivation

Pali Wallet is the flagship Syscoin browser wallet, serving as the primary user gateway for Syscoin, Rollux, and zkSYS ecosystems.

Given its critical role in managing digital assets, RPC communications, and dApp interactions, it is imperative that the wallet undergoes a full third-party audit to validate the security of its architecture and implementation.

This audit will help:

  • Identify and mitigate vulnerabilities in the wallet’s RPC and JavaScript interfaces.
  • Protect user funds and data across networks.
  • Strengthen confidence among users, partners, and integrators.
  • Support compliance and best practices across Syscoin’s ecosystem stack.

Scope of Work

The audit will cover all major functional and security-critical components of Pali Wallet, including its internal communication flows, user-facing logic, and network interactions.

Cyrex will perform a full code-level review focused on authentication, session handling, RPC integrity, data validation, and protection against injection or spoofing risks.

The engagement is considered moderate in size but comprehensive in depth, addressing all areas where vulnerabilities could compromise wallet security or user data.

Deliverables

  1. Full Security Audit Report
    Detailed technical findings, severity classification, and mitigation recommendations.
  2. Verification Phase
    Validation of fixes following developer remediations.
  3. Public Summary Report
    A non-technical version suitable for publication on the Syscoin forum and GitHub.
  4. Certificate of Audit Completion
    Issued by Cyrex upon successful verification.

Estimated duration: 2–3 weeks.

Budget

Item Cost Currency
Cyrex Pali Wallet Audit €12,800 EUR
Requested from Governance 350,000 SYS

Conversion rate approximated at the time of proposal submission and as the Syscoin price is currently lower, any shortfall will be covered by loans (to be repaid) from Team Members. Any remaining difference (if positive) will be retained in the SMT operational reserve for future audits and security engagements.

Execution & Oversight

The Syscoin Management Team (SMT) will coordinate directly with Cyrex, provide technical documentation and code access, and oversee the audit delivery.
All results will be published to the community in accordance with Syscoin transparency standards.

Conclusion

This proposal ensures that Pali Wallet, as the primary user access point within Syscoin’s ecosystem, undergoes a complete professional audit to validate its security and reliability.

By approving this proposal, the community demonstrates its commitment to protecting users, maintaining transparency, and upholding the highest operational standards across all Syscoin products.