DeFi protocol token
Ondo ONDO
Ondo Finance is a leading DeFi protocol for tokenized real-world assets (RWAs) with approximately $2B in ONDO market capitalization and $3.75B in total value locked across OUSG, USDY, Ondo Global Markets, and related products. The ONDO token itself is a standard ERC-20 on Ethereum that inherits Ethereum's base-layer quantum readiness posture for token transfers. However, the protocol's control plane — including 4-of-7 Gnosis Safe admin multisigs, proxy-upgrade authorities, oracle keys, bridge DVN configurations, and freeze/pause capabilities — relies entirely on ECDSA-secured keys with no post-quantum or hybrid cryptographic protection. Ondo Finance has published no quantum risk assessment, no cryptographic inventory, no PQC migration roadmap, no quantum-specific incident-response process, and no evidence of any post-quantum development work whatsoever. The protocol's otherwise sophisticated security architecture (defense-in-depth, rate limiting, DVN diversity, operational security) is ultimately gated behind the same ECDSA keys a quantum adversary would target. With multi-billion-dollar value-at-risk controlled by quantum-vulnerable keys whose public keys are exposed on-chain through regular multisig operations, the protocol has material, unmitigated quantum-critical vulnerabilities across its entire control plane. QRI Score: 0 (Stage 0 cap of 5, Readiness & Risk Cap of 10 due to absence of cryptographic inventory, Factor Score of 0).
Inherits L1 Score [Ethereum]Token: Standard ERC-20Multi-Chain ProtocolReal-World Assets (RWA)No Quantum Readiness FeaturesAdmin-Key Quantum-Critical Vulnerability
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
0 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No public cryptographic inventory of quantum-vulnerable keys, contracts, bridges, or oracle dependencies (Readiness & Risk Cap: 10)
- All production spend authorization, admin-key operations, multisig governance, bridge verification, and oracle authentication remain entirely ECDSA-only with no PQC or hybrid alternative (Readiness & Risk Cap: 40)
- Material long-exposure quantum-vulnerable value (~$2B ONDO market cap, ~$3.75B protocol TVL, ~$1.85B in known multisig wallets) controlled by ECDSA keys with exposed on-chain public keys and no migration, freeze, or deprecation path (Readiness & Risk Cap: 55)
Key Risks
- CRITICAL: All admin multisig keys (OUSG ProxyAdmin owner 0xaed4ca..., USDY ProxyAdmin owner 0x1a694a..., Multisig 2 at 0x677fd4ed... holding ~$1.85B) are 4-of-7 Gnosis Safe wallets using standard ECDSA. Public keys are exposed on-chain through routine execTransaction operations. A quantum adversary recovering any 4 of 7 private keys gains unrestricted upgrade, mint, burn, pause, and freeze authority.
- CRITICAL: No timelock exists on OUSG or USDY proxy upgrades. A quantum-compromised multisig can execute instantaneous, irreversible contract upgrades with no delay for detection or intervention.
- CRITICAL: Bridge infrastructure (LayerZero OFT with custom DVN configuration) relies on ECDSA for admin operations. While Ondo's multi-DVN architecture and rate limits bound classical blast radius, the admin keys controlling DVN configuration, rate-limit parameters, and emergency controls remain quantum-vulnerable.
- HIGH: Oracle keys (attestation signers for Ondo Global Markets mint/redeem operations) use secp256k1 ECDSA. Compromise of these keys could enable unauthorized minting of tokenized securities.
- HIGH: No quantum risk assessment means the full scope of quantum-vulnerable cryptographic dependencies across the multi-chain protocol (Ethereum, Solana, Polygon, BNB Chain, Noble, Mantle, Arbitrum) is unknown even to the project itself.
- MEDIUM: Off-chain custodians BitGo and Hex Trust have not published quantum-readiness roadmaps specific to their Ondo custody arrangements, creating an unassessed dependency chain for tokenized RWA backing.
- MEDIUM: The Ondo DAO governance token (ONDO) itself is secured by standard Ethereum ECDSA; token holder voting power could be compromised through quantum key-recovery attacks against delegate/whale addresses with exposed public keys.
- LOW: Ondo Chain (pre-launch) may eventually introduce PQC capabilities, but its cryptographic design is unpublished and its launch timeline uncertain. It provides zero protection for the current production system.
Assurance Notes
- Smart contract audits by Spearbit, Cyfrin, FYEO, Code4rena, Nethermind, Zokyo, Cantina, and Zellic (2023–2026) provide strong classical-security assurance but contain no quantum-specific or PQC review scope.
- Ondo's April 2026 security-philosophy blog post details defense-in-depth, blast-radius bounding, rate limits, DVN diversity, and freeze capabilities — all valuable operational security context — but does not mention quantum threats, PQC migration, or cryptographic agility for admin keys.
- Admin multisig signer identities are not publicly disclosed, making independent verification of key-management practices and signer independence impossible.
- Ondo Chain (in-development L1) has no published cryptographic design, PQC posture, or quantum threat model. Its eventual architecture could materially change the protocol's quantum-risk profile but is outside the current production scope.
- Off-chain custodians (BitGo, Hex Trust) have not published quantum-readiness attestations specific to Ondo's tokenized assets. Custodian PQC migration is outside direct Ondo control but affects end-to-end quantum safety of tokenized RWAs.
- No formal quantum-specific incident-response playbook exists; existing emergency controls (freeze, pause) are triggered via the same ECDSA-secured admin keys they are meant to protect.
Non-Scoring Caveats
- Ondo's classical security posture (defense-in-depth, rate limits, DVN diversity, freeze capabilities) is sophisticated and operationally mature — but all controls are ultimately gated behind ECDSA admin keys that a quantum adversary could compromise. These controls bound blast radius against classical attacks but do not mitigate quantum key-recovery attacks against the admin keys themselves.
- The upcoming Ondo Chain L1 is in pre-launch development; its eventual cryptographic design and quantum posture are unknown and not evaluated here.
- Off-chain custodian PQC readiness (BitGo, Hex Trust) is beyond Ondo's direct control but affects end-to-end safety of tokenized asset representations.
- Audit freshness for classical smart-contract security is strong (Cantina audit February 2026); this provides zero quantum assurance but demonstrates institutional-grade operational discipline.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: No public cryptographic inventory or quantum threat model has been published by Ondo Finance.
Coverage basis: Absence verified across official documentation, GitHub repositories, and security publications
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory (Readiness & Risk Cap: 10)
Assurance: Absence confirmed via comprehensive review of all official documentation, the April 2026 security-philosophy post (which discusses operational security, bridge architecture, and defense-in-depth but contains zero mention of quantum threats or PQC), the Ondo Chain FAQ, and public GitHub repositories.
This is not merely an assurance gap — the absence of a cryptographic inventory means neither the project nor external evaluators can comprehensively identify all quantum-vulnerable key material, bridge dependencies, oracle paths, or cross-chain surfaces. This directly prevents verification of quantum-critical properties.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: No quantum-specific evidence record exists.
Coverage basis: Absence verified; classical security evidence (audits, code) exists but is not quantum-scoped
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Ondo has published extensive classical smart-contract audit reports from Spearbit, Cyfrin, FYEO, Code4rena, Nethermind, Zokyo, Cantina, and Zellic (2023–2026). These are current and high-quality for classical security but contain no quantum or PQC scope. They do not constitute a quantum evidence record.
No quantum-specific code references, transaction examples, reproducible analytics, or threat-model documentation exist.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: ONDO token transfers use standard Ethereum ECDSA (secp256k1) signatures. Admin multisig operations use ECDSA via Gnosis Safe. All spend authorization paths are entirely ECC-only.
Coverage basis: Verified on Etherscan; Gnosis Safe 1.3.0 uses ECDSA; no PQC or hybrid signature support exists in any Ondo contract
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECDSA-only (Readiness & Risk Cap: 40)
Assurance: ONDO token contract (0xfaba...) is a verified standard ERC-20 with no custom cryptographic logic. Management Multisig (0xaed4ca...) and Multisig 2 (0x677fd4ed...) are standard Gnosis Safe 1.3.0 proxies using ECDSA. All on-chain evidence confirms classical-only signatures.
Long-exposure attack window applies: admin multisig addresses have executed hundreds of on-chain transactions, exposing their public keys permanently. A quantum adversary can attack these keys offline with no time constraint.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: Standard Ethereum account model. All transacted EOAs (including admin multisig signers) have exposed public keys. No PQ/hybrid address schemes, key derivation, or exposure mitigation exists.
Coverage basis: Ethereum account model; multisig execTransaction calls expose signer public keys on-chain
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Both known admin multisigs (0xaed4ca... and 0x677fd4ed...) have extensive on-chain transaction histories. Every execTransaction exposes signer public keys via ECDSA signature recovery. These keys are permanently exposed (long-exposure, at-rest attack window).
Multisig signer identities are not publicly disclosed, preventing independent assessment of whether signers use the same keys across multiple protocols or personal wallets, which would amplify exposure.
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable
Claim: ONDO is a token and DeFi protocol without its own consensus mechanism. Consensus authentication is inherited from host chains (primarily Ethereum).
Coverage basis: Protocol architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
While consensus authentication is N/A for the token itself, the admin multisigs that control protocol contracts could be viewed as a governance consensus mechanism. Those keys are evaluated under spend authorization and wallet/custody subfactors.
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: OUSG and USDY use OpenZeppelin TransparentUpgradeableProxy. ProxyAdmin owners are ECDSA-based 4-of-7 Gnosis Safes. Contract state can be modified through ECDSA-secured admin operations with no quantum protection. No on-chain timelock exists.
Coverage basis: On-chain proxy verification and StakingRewards DeFi risk rating analysis
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: OUSG ProxyAdmin (0xba80aa44...) owned by 4-of-7 Safe (0xaed4ca...). USDY ProxyAdmin (0x3ed616...) owned by 4-of-7 Safe (0x1a694a...). Both confirmed on-chain. No timelock on either proxy. Upgrades execute immediately upon 4-of-7 ECDSA signature threshold.
The absence of a timelock means a quantum-compromised multisig can execute instantaneous, irreversible contract upgrades. Even if detection systems identify anomalous admin activity, there is zero delay for intervention. BURNER_ROLE can burn tokens from any address; PAUSER_ROLE can pause globally. All role assignments are controlled by the same ECDSA multisigs.
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable
Claim: Ondo Finance has no privacy layer, shielded transactions, ZK proofs, or confidential transfer mechanisms.
Coverage basis: Protocol architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: ONDO is a token without its own P2P network layer.
Coverage basis: Protocol architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path
Claim: All critical wallet operations — admin multisig signing, oracle attestations, bridge admin, freeze/pause invocation — use standard ECDSA with no PQC or hybrid wallet support. No evidence of HSM-level PQC integration or quantum-safe signing ceremonies.
Coverage basis: On-chain transaction analysis; Gnosis Safe architecture; security blog operational details
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Ondo's April 2026 security blog describes 'dedicated signing infrastructure' and 'purpose-built, isolated, hardened infrastructure' for admin operations. This suggests strong operational security for classical key management, but there is zero mention of PQC, hybrid signatures, or quantum-safe HSM/ceremony workflows. Signer identities and specific HSM configurations are not publicly disclosed, so PQC readiness of signing infrastructure cannot be verified.
Even if Ondo uses HSMs for admin key protection, standard HSM ECDSA signing does not protect against quantum key-recovery attacks against exposed public keys. The on-chain public keys of admin signers are permanently exposed through regular multisig operations.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 0% of protocol value-at-risk is protected. No quantum-safe migration has occurred. All ~$2B ONDO market cap and ~$3.75B protocol TVL remains controlled by ECDSA-secured keys.
Coverage basis: CoinMarketCap/CoinGecko market data; on-chain multisig holdings; protocol TVL from DeFi analytics
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, recovery, or policy path (Readiness & Risk Cap: 55)
Assurance: Market cap and TVL figures are approximate and volatile. Multisig 2 (0x677fd4ed...) holds ~$1.85B in tokens as of evaluation date. OUSG and USDY contract TVL adds significant additional value. All critical admin keys controlling this value have long-exposure public keys from routine on-chain operations. Exact value-at-risk fluctuates with market conditions but the proportion protected (0%) is stable.
Coverage is <25% (in fact 0%) across all attack windows. All admin multisigs have long-exposure public keys. No migration, freeze, deprecation, burn, or recovery path exists for any quantum-vulnerable value. The protocol's freeze capability, while useful for classical theft response, is itself gated behind ECDSA keys.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (admin multisigs, oracle signers, bridge operators, treasury, foundation) have been migrated to PQC or hybrid signatures. All remain ECDSA-only.
Coverage basis: On-chain verification of multisig configurations and transaction signatures
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Both identified admin multisigs (Management Multisig 0xaed4ca... and Multisig 2 0x677fd4ed...) are verified Gnosis Safe 1.3.0 instances using standard ECDSA. Transaction history confirms regular ECDSA-based execTransaction operations. No evidence of PQC migration, hybrid signing, or key rotation to quantum-safe schemes.
The two multisigs share 6/7 signer overlap. A quantum adversary recovering keys for the overlapping signers could compromise both multisigs simultaneously, gaining control over OUSG, USDY, and the majority of protocol-held value.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No identification, measurement, deprecation, or migration of quantum-vulnerable accounts or contracts has occurred. No inventory of vulnerable key material exists.
Coverage basis: Absence verified across all official documentation and public communications
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Absence confirmed through comprehensive search of Ondo documentation, blog posts, governance forums, and GitHub repositories. No quantum-vulnerability inventory, no deprecation policy, no migration eligibility criteria, and no measurement methodology for quantum-exposed value exists.
This is not a PQ-native protocol. All accounts, contracts, admin keys, and signers were created with classical ECDSA and have no quantum-safe migration path.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No public quantum migration or protection roadmap exists.
Coverage basis: Absence verified across all official communications
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Ondo has published extensive roadmaps for product development (Ondo Chain, Ondo Global Markets, Ondo Perps) and regulatory engagement (SEC Crypto Task Force submission), but none address quantum migration, PQC adoption, or cryptographic agility. The absence is confirmed with high confidence.
The April 2026 security blog post mentions 'reviewing every assumption in light of this spring' and 'nothing is exempt from reexamination' — this could theoretically encompass quantum threats, but no specific quantum or PQC language appears anywhere in the post or in any other Ondo publication.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody support, user warnings, educational materials, or migration prompts exist.
Coverage basis: Absence verified across all user-facing products and documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Ondo's user-facing products (app.ondo.finance) and documentation contain no quantum-related warnings, educational content, or migration guidance. Wallet integrations do not support PQC signature schemes. All account creation follows standard Ethereum EOA patterns.
Users can still create new quantum-vulnerable accounts by default with no warning. There is no mechanism to create PQ-protected accounts, no migration prompt for existing users, and no educational content about quantum risk.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist and exchange, custody, bridge, wallet, and infrastructure coordination prevents unsafe fallback
Claim: No migration enforcement mechanisms exist. No exchange, custody, bridge, or wallet coordination for quantum migration has occurred. No unsafe-fallback prevention exists.
Coverage basis: Absence verified; no evidence of any quantum coordination activity
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: While Ondo has strong operational coordination with custodians (BitGo, Hex Trust, Coinbase, Circle) and exchanges, this coordination addresses classical security and compliance — not quantum migration. No public evidence of quantum-related discussions, attestations, or coordination with any infrastructure partner exists.
Ondo's multi-chain presence (Ethereum, Solana, Polygon, BNB Chain, Noble, Mantle, Arbitrum) multiplies the coordination complexity for any future quantum migration. No groundwork for this coordination is visible.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific emergency disclosure, incident-response, or governance process exists. Existing admin controls (freeze, pause) are gated behind the same ECDSA keys a quantum adversary would target.
Coverage basis: Security blog analysis; on-chain control verification
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Ondo demonstrated operational incident-response capability during the April 2026 Drift exploit — they were reportedly the only RWA issuer to freeze attacker funds. However, this capability depends on ECDSA-signed admin transactions. In a quantum attack scenario where admin keys themselves are compromised, freeze/pause capabilities could be disabled or used maliciously by the attacker. No quantum-specific playbook, alternative quantum-safe emergency path, or governance process for quantum vulnerability disclosure exists.
The paradox is significant: Ondo's emergency controls are sophisticated for classical threats but become attack vectors in a quantum scenario. A quantum adversary who compromises admin keys could use freeze capabilities to lock legitimate users out while draining funds, and no quantum-safe override exists.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: No PQC or hybrid-PQC algorithms are in use. All cryptography is classical ECDSA.
Coverage basis: On-chain verification; source code review; absence of any PQC libraries or references
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Public GitHub repositories (ondo-v1, usdy, usdy-noble, Solana programs) contain standard Solidity, Go, and Rust code with no PQC library imports, no NIST algorithm references (ML-KEM, ML-DSA, SLH-DSA), and no hybrid signature constructions. Absence of PQC is confirmed with high confidence for the public codebase.
Primary development occurs in private repositories per secondary sources, so the full codebase cannot be independently audited. However, on-chain behavior (ECDSA signatures for all transactions) confirms that no PQC algorithms are active in production.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: No independent cryptographic or PQC-focused audit exists. Existing audits (Spearbit, Cyfrin, Cantina, Zellic, etc.) cover smart-contract logic and classical security only.
Coverage basis: Published audit reports; audit scope documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Audits are current and high-quality for their stated scope (smart-contract security, oracle integrity, access control). The Cantina audit (February 2026) and FYEO/Cyfrin/Spearbit reviews (September–November 2025) demonstrate institutional-grade classical audit discipline. However, no audit addresses PQC algorithm selection, hybrid signature implementation, side-channel resistance of PQC operations, or quantum threat modeling. This is a scope gap, not an audit quality issue — the project has no PQC implementation to audit.
As a note-only caveat: since there is no PQC implementation to audit, the absence of a PQC audit does not independently reduce the score. The score is already 0 due to absence of any PQC work.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Limited public code is available. Primary development occurs in private repositories. No PQC implementation exists to be open-source or reproducible.
Coverage basis: GitHub organization review
Implementation score: 0 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Public repositories (ondo-v1 Solidity snapshot, usdy Solidity, usdy-noble Go, Solana programs) provide partial code visibility. TokenTerminal data and secondary sources confirm primary development in private repos. For quantum-readiness evaluation, the key finding is that no PQC code exists in either public or (based on on-chain behavior) private deployments.
This is an operational/product caveat: limited open-source availability reduces independent verifiability of the full codebase but does not affect quantum-readiness scoring since no PQC claim is being made. On-chain behavior confirms classical-only operations.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: No parameter agility or PQC upgrade path is documented. Cryptographic parameters are hardcoded in standard Ethereum/Solana patterns with no migration planning.
Coverage basis: Absence verified across documentation and code
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No documentation exists describing how cryptographic primitives could be upgraded, what parameters would need to change for PQC migration, or how signature scheme agility would be achieved across the multi-chain protocol. The proxy-upgradeable contract architecture provides a technical path for contract-level changes, but no PQC-specific upgrade design or parameter-agility framework is documented.
While proxy-upgradeable contracts theoretically enable future cryptographic changes, the absence of any documented upgrade path, parameter selection criteria, or PQC algorithm evaluation means there is no evidenced agility. This is not merely a documentation gap — it reflects the absence of any quantum-migration engineering work.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks
Claim: No stateful signatures (XMSS/LMS) are in use. No PQC implementation exists, so stateful-signature safety considerations are not yet relevant. Classical HSM/custody arrangements exist but are not quantum-safe.
Coverage basis: Absence of PQC implementation
Implementation score: 0 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Since no PQC implementation exists, stateful-signature safety is a forward-looking concern. Ondo's existing operational security practices (dedicated signing infrastructure, hardened environments) suggest readiness to implement state-management discipline if stateful PQC schemes are adopted, but this is speculative. No evidence of side-channel-resistant PQC implementation planning exists.
This subfactor scores 0 because no PQC implementation exists to evaluate — not because stateful-signature risks have been assessed and found inadequate. If Ondo were to adopt XMSS/LMS for admin key signatures, state-management and anti-reuse controls would become critical.
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: No performance or resource-impact analysis for PQC deployment exists.
Coverage basis: Absence verified
Implementation score: 0 · Evidence confidence: High
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: No analysis exists of how PQC signature sizes (e.g., ML-DSA at ~2,400 bytes vs ECDSA at ~64 bytes) would affect gas costs for multisig operations, bridge message sizes, Solana transaction limits, or cross-chain message formats. This is a note-only caveat since no PQC deployment is planned or claimed.
For a protocol with significant multi-chain bridge infrastructure, PQC signature sizes could materially affect bridge message costs and cross-chain transaction feasibility. Early performance analysis would inform architecture decisions but its absence does not independently reduce the QRI Score.
Report metadata