Audits, Open Source Dependencies, and Assurance Framework

A.1 Security Foundation

MYIDverified is built on a foundation of proven, open-source technology that has already undergone independent third-party security auditing by Verichains, a globally recognized blockchain security firm specializing in protocol-level and cryptographic validation. The underlying framework incorporates upstream libraries and SDKs that are widely used across the Polkadot and Substrate ecosystems, including the Polkadot{.js} API, connection middleware, Subwallet Open Source Framework, hardware wallet SDKs, and vetted UI libraries. By inheriting this foundation, MYIDverified benefits from both:

The assurances of a professional security audit conducted on the baseline implementation.
The peer-reviewed resilience of upstream projects that are continuously maintained and scrutinized by global developer communities.

Where MYIDverified reuses these audited and community-validated modules without alteration, users inherit the same assurances that were independently verified. Where MYIDverified introduces new or extended functionality, these components are subjected to our own internal security reviews and independent external audits.

A.2 Open Source Dependencies and Technical Lineage

The strength of MYIDverified lies not only in its proprietary innovations but also in its disciplined use of open-source components that are secure, transparent, and widely adopted:

Polkadot{.js} API and Extension – Provides transaction encoding, RPC calls, and signing functions for Substrate-based chains. Maintained under Apache-2.0/MIT licenses, with continuous peer review by Parity Technologies and the Polkadot community.
Subwallet Open Source Framework – Publicly available under permissive licenses, providing a transparent, community-reviewed foundation that has undergone independent third-party security auditing, ensuring a trusted baseline for MYIDverified's enhancements.
Wallet Connection Middleware (SubConnect) – Open-source MIT library enabling multi-wallet connectivity across browser extensions, hardware devices, and mobile wallets. Originally derived from third web/web3-onboard and hardened for Substrate.
Hardware Wallet SDKs (Ledger, Keystone) – Secure SDKs under MIT/Apache licenses, ensuring that private keys never leave secure hardware environments.
React UI Components – Forks of Ant Design libraries under MIT license, ensuring predictable and community-reviewed rendering logic.
Phishing Protection Lists – Continuously updated blocklists curated by ecosystem maintainers (e.g. ChainPatrol, Polkadot.js).

These dependencies are not experimental or untested. They are widely deployed in production environments, ensuring that MYIDverified’s foundation benefits from ongoing global scrutiny and rapid response to vulnerabilities.

A.3 Proprietary Enhancements Beyond the Baseline

Where other wallet frameworks stop, MYIDverified advances the state of security. Our proprietary enhancements include:

Judicial Recovery Protocols – A permanent address architecture with freeze-on-rotation and court-supervised key recovery.
Seed-Phrase Elimination – Biometric-gated, hardware-bound key storage (iOS Secure Enclave, Android Keystore/StrongBox).
Custom Runtime Enforcement – Signed extensions ensuring fee redirection to permanent accounts, pre-dispatch validation, and resilience against griefing or denial-of-service attacks.
Continuous Monitoring – Finalized event streaming, anomaly detection, and multi-factor authentication for sensitive operations.

These features are exclusive to MYIDverified and go far beyond the scope of any inherited audit.

MYIDverified is powered by our proprietary CLARUS “Living Blockchain”, an adaptive, self-upgrading ledger architecture built upon Substrate, the modular, open-source blockchain framework developed by Parity Technologies (GitHub: paritytech/substrate) and trusted by 100+ production networks, including Polkadot, Kusama, and other globally recognized systems (Parity.io).

Substrate’s runtime architecture enables deterministic consensus, hot-swappable logic upgrades without forks, and full auditability through WebAssembly-based state transitions, forming the same foundation that powers millions of daily transactions across the Substrate ecosystem. Leveraging this proven foundation, the CLARUS chain incorporates dynamic governance, judicial key rotation, event-driven finality tracking, and cross-runtime compatibility, extending Substrate’s security guarantees into a “living” and continuously verifiable blockchain fabric.

This architecture inherits the same wallet and transaction layer trusted by over 2 million global users across Substrate-based wallets and ecosystems (SubWallet Docs). MYIDverified evolves this robust infrastructure into a borderless, recoverable account system, where each identity is anchored cryptographically, recoverable through multi-factor verification (e.g., hardware-bound keys, OTPs, zero-knowledge proofs, and judicial recovery nodes), and legally auditable via on-chain state attestations.
Every account is mathematically owned by its controller, resistant to seizure or external modification, and preserved through continuous on-chain upgrades without hard forks — ensuring permanent sovereignty over digital assets.

Together, CLARUS and MYIDverified establish a verifiable, non-custodial financial infrastructure that aligns with NIST SP-800, ISO/IEC 27001, and OWASP ASVS standards for cryptographic integrity, resilience, and system security, empowering every user to retain full, recoverable ownership of their digital identity and assets.

A.4 Audit Scope and Legal Clarity

To maintain transparency and compliance with best practices:
Inherited Scope – MYIDverified benefits from the Verichains audit conducted on the baseline codebase and its dependencies as of the audited commit.
Extended Scope – Proprietary MYIDverified modules, enhancements, and governance logic are outside that original audit boundary and are subject to separate review processes.
Ongoing Assurance – MYIDverified maintains a formal Software Bill of Materials (SBOM) to track dependencies, revalidates third-party libraries upon version upgrades, and schedules staged independent audits for all proprietary features.

A.5 Compliance Alignment

MYIDverified aligns its assurance framework with international standards, including:
ISO/IEC 27001 – Information Security Management.
NIST SP 800-53 – Security and Privacy Controls.
OWASP ASVS – Application Security Verification Standard.
CWE/SANS Top 25 – Secure coding practices.

This alignment evidences MYIDverified’s adherence to internationally recognized security and compliance frameworks, reflecting a deliberate commitment to enterprise-grade assurance, governance, and risk management practices that substantially exceed the baseline obligations of typical consumer applications and financial platforms.

A.6 Legal Disclaimer

The Verichains audit provides reasonable assurance of security for the baseline code reviewed at the time of audit. MYIDverified expressly acknowledges that no audit or security framework eliminates all risk. All blockchain-based systems carry inherent exposure to malicious actors, user-side vulnerabilities, and third-party dependency risks. Users acknowledge these risks by using MYIDverified and agree that liability is limited to the maximum extent permitted by law. MYIDverified commits to ongoing independent review, layered defenses, transparency in dependency management, and proactive disclosure of any discovered vulnerabilities.
**“Zeroborder LLC registration number 2025-001674991, 30 N Gould St Ste R Sheridan, WY 82801 USA. Singapore Business Federation Center, 160 Robinson Road, #14-04, Singapore 068914. 4312, El Salvador, C.A. Calle Cuscatlan, Colonia Escalon San Salvador. ZeroBorder Self-Banking Centers, the CLARUS Money Project, MY IDENTITY Coin (MYID), OkGlobal, MYIDverified operates as a decentralized, non-custodial platform that is not domiciled in, nor dependent upon, the laws or regulatory regime of any single country or jurisdiction. The architecture of our technology ensures that no central entity can exercise unilateral control, suspension, or confiscation of user accounts. For purposes of formality and to facilitate engagement with regulators, financial institutions, and commercial partners, we have voluntarily established corporate registrations in multiple jurisdictions worldwide - including the United States, Singapore, and El Salvador. These entities exist to provide an additional layer of administrative transparency and legal interface, but they are not operationally required for the functioning, continuity, or enforceability of our self-banking platform and its associated technologies. This dual approach of technological decentralization coupled with voluntary global registrations provides users with the confidence of a borderless system, backed by the credibility of recognized legal structures.”**