
Security: JuanMarchetto/puente

SECURITY.md

Security Policy

Scope

Puente is a local development and testing tool. It is NOT designed for production use and does NOT interact with mainnet funds or real LayerZero endpoints.

The mock endpoint program is a testing double with intentional fidelity gaps. Do not use it as a reference for production security properties.

Reporting a Vulnerability

If you discover a security issue in Puente:

  1. Do NOT open a public issue
  2. Use GitHub Private Vulnerability Reporting
  3. We will acknowledge receipt within 48 hours
  4. We aim to provide a fix within 7 days for confirmed issues

Supported Versions

Version   Supported
0.1.x     Yes

Known Limitations

These are intentional fidelity gaps — NOT bugs:

  1. No DVN verification: The relay delivers messages optimistically without DVN attestations. The real LayerZero protocol requires multiple DVNs to verify each message.

  2. No Executor simulation: The relay acts as the Executor directly. Real LayerZero uses a separate Executor role with gas estimation.

  3. No message library: The mock endpoint does not simulate SendULN302/ReceiveULN302. The real endpoint routes through configurable message libraries.

  4. Single-node Solana: Surfpool is a single-node runtime — no leader rotation, slot skipping, or network conditions.

  5. Anvil vs production EVM: Gas estimation, block timing, and EVM edge cases may differ from production L1/L2 chains.

  6. No fee model: LayerZero's cross-chain gas estimation is not replicated. The mock uses a flat quote_fee_lamports.

  7. No rate limiting simulation: Cross-chain rate limits are enforced by the OApp, not the endpoint. Puente does not simulate network-level rate limiting.

Dependencies

Puente uses these security-sensitive dependencies:

  • solana-sdk / solana-client — Solana transaction construction and RPC
  • tiny-keccak — keccak256 for EVM event topics and GUID computation
  • sha2 — SHA256 for Anchor discriminators
  • tokio-tungstenite — WebSocket server (rustls TLS)
  • ureq — HTTP client for EVM RPC

Run cargo audit to check for known vulnerabilities in dependencies.
