
Security audits

Clementine has undergone independent security audits to ensure the integrity and security of the bridge implementation.

Audit reports

Sigma Prime security assessment

Sigma Prime conducted a comprehensive security assessment of Clementine, reviewing the bridge architecture, cryptographic implementations, and potential attack vectors.

Download: Sigma Prime Security Assessment Report (PDF)

Key findings:
  • Reviewed core bridge logic and actor implementations
  • Analyzed cryptographic primitives (MuSig2, Winternitz signatures)
  • Evaluated BitVM2 integration and challenge mechanisms
  • Assessed economic incentive structures

Cantina competition

Clementine participated in a Cantina security competition where multiple security researchers reviewed the codebase for vulnerabilities.

Download: Cantina Competition Report (PDF)

Competition details:
  • Community-driven security review
  • Multiple independent researchers
  • Focused on edge cases and potential exploits

Audit scope

The security audits covered:

Core bridge logic

Deposit and withdrawal flows, transaction signing, state management

Actor implementations

Verifier, Operator, Aggregator, and Watchtower behavior

Cryptographic primitives

MuSig2, Winternitz signatures, Schnorr signatures

Circuit implementations

Bridge Circuit, Header Chain Circuit, Work Only Circuit

Economic mechanisms

Fee structures, collateral requirements, incentive alignment

Challenge-response

Watchtower challenges, operator responses, dispute resolution

Remediation

All critical and high-severity findings from the audits have been addressed. The audit reports include:
  • Detailed descriptions of findings
  • Severity classifications
  • Recommended remediations
  • Implementation status

The audit reports are available in the Clementine repository.

Continuous security

In addition to formal audits, Clementine maintains security through:
  • Bug bounty program - Rewards for responsible disclosure of vulnerabilities
  • Code reviews - All changes undergo peer review before merging
  • Automated testing - Comprehensive test coverage for critical paths
  • Security monitoring - Continuous monitoring of mainnet deployments

If you discover a security vulnerability, please report it responsibly through our security disclosure process.

Next steps

Security model

Understand Clementine’s security architecture

Threat analysis

Review potential attack vectors and mitigations

Report vulnerability

Report security issues responsibly

Source code

Review the implementation yourself
