cryptoasset
World Liberty Financial WLFI
World Liberty Financial (WLFI) is a governance token and DeFi protocol deployed as a standard ERC-20 token on Ethereum with additional deployments on BNB Smart Chain (BEP-20) and Solana (SPL). The protocol includes an Aave V3-based lending market and the USD1 fiat-backed stablecoin (~$2.2-3B circulating supply). WLFI inherits the quantum-security posture of its host chains per QRI Section 7.2 (Token Inheritance). The project has acknowledged quantum computing as a risk in its official risk disclosures but has published no cryptographic inventory, no quantum threat model, no PQC migration roadmap, and no quantum-specific mitigation of any kind. All spend authorization, governance multisigs (Gnosis Safe), protocol admin keys, stablecoin custody (BitGo), and cross-chain bridge dependencies remain entirely classical ECDSA/EdDSA-based. The QRI Score is 0, capped at 10 by the absence of a public cryptographic inventory (Readiness & Risk Cap) and further constrained by a Factor Score of 0 reflecting zero implementation across all five scoring categories. WLFI's quantum readiness is entirely dependent on future quantum-security upgrades to Ethereum, BSC, and Solana.
Token InheritanceECC-OnlyMulti-ChainGovernance TokenStablecoin Issuer
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
0 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No public cryptographic inventory: the project has not published an inventory of quantum-vulnerable public-key mechanisms, attack surfaces, affected assets, or affected layers (Readiness & Risk Cap: 10)
- All spend authorization is entirely ECDSA/EdDSA-only across all deployed chains. No PQC or hybrid-PQC transaction path exists (Readiness & Risk Cap: 40)
- Governance multisigs (Gnosis Safe) and protocol admin keys use classical ECDSA, leaving protocol upgrades, treasury management, and emergency controls quantum-vulnerable
- USD1 stablecoin minting, redemption, and custody (BitGo) rely on classical cryptographic infrastructure with no quantum-safe path
- Cross-chain bridge dependencies (Wormhole for Solana, LayerZero OFT pattern, third-party bridges for EVM chains) introduce additional quantum-vulnerable signer-set and verification surfaces
- No migration mechanism, deprecation path, or quantum-specific incident-response process exists for any WLFI-specific vulnerability
Key Risks
- Quantum key-recovery attack on any Ethereum EOA that has sent a WLFI transfer transaction would expose the private key, enabling theft of all WLFI held at that address across all EVM-compatible chains.
- Governance multisig signer key compromise via quantum attack would give an adversary control over protocol upgrades, treasury funds ($15M+ initial reserve), USD1 stablecoin parameters, and emergency controls.
- USD1 stablecoin reserves custodied by BitGo rely on classical cryptographic infrastructure. A quantum compromise of BitGo's custody keys could threaten the ~$2.2-3B stablecoin backing.
- Cross-chain bridge dependencies (Wormhole for Solana, third-party bridges for EVM chains) expose WLFI value to quantum-vulnerable bridge signer sets and verification logic on each bridge.
- The Aave V3 fork lending market holds hundreds of millions in TVL secured by classical Ethereum smart contracts. Quantum compromise of admin keys or the underlying chain could drain lending pools.
- Long-exposure vulnerability: any Ethereum address that has ever sent a WLFI transaction has its public key permanently exposed on-chain, enabling offline quantum key-recovery attacks with no time constraint.
- Solana deployment uses Ed25519 signatures which are also quantum-vulnerable (Shor's algorithm applicable to elliptic curve discrete log).
Assurance Notes
- Classical smart-contract audits exist from Blocksec, Zokyo, Fuzzland, and Peckshield for the token sale contract, but none cover quantum-critical cryptographic properties. These audits are scope-mismatched for QRI purposes.
- The WLFI token contract is verified on Etherscan (proxy at 0xda5e1988097297dcdc1f90d4dfe7909e847cbef6), providing open-source visibility into the classical implementation only.
- The affiliated WLFS wallet's 'post-quantum cryptography' claim is a marketing statement with no public code, audit, mainnet proof, or reproducible artifact. Even if genuine, it cannot protect on-chain WLFI assets because Ethereum transactions require classical ECDSA signatures.
- WLFI's official risk disclosures (Section 20) acknowledge quantum computing as a risk to the Ethereum blockchain but provide no cryptographic inventory, threat model, or mitigation plan.
- The OKX MiCA whitepaper notes that host-chain communities (Ethereum Foundation, BSC, Solana Labs) are researching quantum-resistant solutions, but this is a host-chain dependency, not a WLFI-specific mitigation.
- USD1 stablecoin (~$2.2-3B circulating supply as of early 2026) is custodied by BitGo using classical cryptographic infrastructure. No quantum-specific custody controls are documented.
- Governance relies on Gnosis Safe multisigs with classical ECDSA signers. No evidence of PQC or hybrid-PQC multisig configurations.
- The 2026 roadmap (USD1 expansion, lending market growth, RWA tokenization, credit card) contains no quantum-readiness milestones, PQC migration plan, or cryptographic upgrade track.
Non-Scoring Caveats
- The WLFS wallet's post-quantum cryptography marketing claim: this is a client-side wallet claim with no verifiable technical evidence and, regardless of its validity, does not protect on-chain WLFI assets because all Ethereum transactions must be signed with ECDSA keys to be valid on the network. Treated as note-only because it creates no verifiable quantum-protection path for the evaluated production scope.
- The OKX MiCA whitepaper states that Ethereum Foundation, BSC community, and Solana Labs are 'actively researching and developing quantum-resistant cryptographic solutions.' This is a host-chain-level statement with no WLFI-specific implementation, timeline, or commitment. Treated as note-only.
- Classical smart-contract audits (Blocksec, Zokyo, Fuzzland, Peckshield) are scope-mismatched for quantum-critical properties. Their existence supports general security assurance but provides zero quantum-readiness evidence. Treated as assurance-only caveat.
- The 2026 roadmap (USD1 expansion, RWA tokenization, lending growth, credit card) contains no quantum-readiness workstream. This is an operational/product observation, not a QRI deduction, because the roadmap does not claim quantum readiness.
- WLFI token is non-transferable except for unlocked portions, which may reduce the immediate value-at-risk for locked tokens but does not change the quantum-vulnerability of the underlying cryptographic mechanisms.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: WLFI risk disclosures acknowledge quantum computing as a generic risk to blockchain cryptography but provide no cryptographic inventory, no enumeration of affected public-key mechanisms, no attack assumptions, and no affected-asset or affected-layer analysis.
Coverage basis: Official risk disclosure document acknowledges quantum risk generically; no inventory exists.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory (Readiness & Risk Cap: 10)
Assurance: The risk disclosure exists and is publicly accessible, but it is a generic legal/risk statement, not a cryptographic assessment. It mentions quantum computing in the context of the Ethereum blockchain consensus mechanism without enumerating WLFI-specific cryptographic surfaces.
Section 20 of WLFI Risk Disclosures: 'Advances in cryptography, or technical advances such as the development of quantum computers, could present risks to $WLFI and the WLF Protocol by rendering ineffective the cryptographic consensus mechanism that underpins many blockchains, including the Ethereum blockchain.' This acknowledgment supports Stage 1 classification but does not constitute a cryptographic inventory or threat model.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: No quantum-specific evidence record exists. Classical smart-contract audits do not address quantum threats.
Coverage basis: No quantum evidence artifacts.
Implementation score: 0 · Evidence confidence: None
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No code references, specifications, transaction examples, reproducible analytics, or audit reports address quantum-critical properties. The four classical audits (Blocksec, Zokyo, Fuzzland, Peckshield) cover token sale contract security only.
The Gold Paper states: 'The token sale contract has been audited by four leading security firms, including Blocksec, Zokyo, Fuzzland and Peckshield.' None of these audits address post-quantum cryptography or quantum attack vectors.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: All WLFI token transfers rely on host-chain ECDSA (Ethereum/BSC) or Ed25519 (Solana) signatures. No PQC or hybrid-PQC spend authorization exists.
Coverage basis: Token inherits host-chain signature schemes; no custom or PQ signature path.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Active production spend authorization remains entirely ECDSA/EdDSA-only (Readiness & Risk Cap: 40)
Assurance: Confirmed by Etherscan contract verification (standard ERC-20 proxy), OKX MiCA whitepaper (confirms ERC-20, BEP-20, and SPL token standards), and CoinMarketCap listing. High confidence: the token type and signature dependency are directly verifiable on-chain and from multiple independent sources.
Per QRI Section 7.2 (Token Inheritance): as a standard smart-contract token, WLFI inherits the spend-authorization QRI posture of its host chains. Ethereum and BSC use ECDSA; Solana uses Ed25519. All are quantum-vulnerable to Shor's algorithm.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: Standard Ethereum/BSC/Solana account model. Public keys are exposed upon any transaction, creating long-exposure quantum-vulnerable ownership paths.
Coverage basis: Token inherits host-chain account model.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Any address that has sent a WLFI transaction has its public key permanently exposed on-chain. This is a long-exposure (at-rest) attack surface with no time constraint for a quantum adversary. Reused addresses and governance-participating addresses are particularly vulnerable.
WLFI governance requires connecting a self-custody wallet to Snapshot for voting, which typically involves addresses that have sent transactions and thus have exposed public keys. The 5% voting cap per address and the quorum requirement of 1B tokens mean large governance participants have substantial exposed value.
Production Cryptographic Protection
Consensus-critical authentication
Claim: WLFI has no independent consensus mechanism. It inherits consensus security from Ethereum (PoS with BLS signatures), BSC (PoSA), and Solana (PoH+PoS with Ed25519).
Coverage basis: Token inherits host-chain consensus authentication.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The OKX MiCA whitepaper confirms host-chain consensus mechanisms. Ethereum validators use BLS signatures for attestations which are quantum-vulnerable. BSC uses PoSA with ECDSA-based validator authentication. Solana uses Ed25519 for validator signatures. A quantum attack on host-chain consensus would compromise WLFI transaction finality.
While WLFI does not operate its own consensus, consensus vulnerability on any host chain directly threatens WLFI transaction finality, reorg resistance, and the integrity of the token contract state on that chain.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: WLFI token contract state integrity relies on Ethereum's EVM, Merkle Patricia tries, and block headers. No custom quantum-safe state-integrity mechanisms exist.
Coverage basis: Token inherits host-chain state integrity.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The token contract is a standard OpenZeppelin-based ERC-20 proxy. State integrity depends on Ethereum's classical cryptographic primitives including Keccak-256 hashing and ECDSA-based transaction authentication. A quantum attacker capable of forging ECDSA signatures could manipulate token balances, approvals, and governance vote tallies.
The Aave V3 lending market fork adds additional state-integrity dependencies on the host chain. USD1 stablecoin contract state (minting, burning, balance tracking) is similarly dependent on Ethereum's classical cryptography.
Production Cryptographic Protection
Privacy and proof layers
Claim: WLFI has no privacy layer, no ZK proofs, no shielded transactions, no note encryption, and no stealth addresses.
Coverage basis: No privacy features exist in the protocol.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Confirmed by comprehensive review of the Gold Paper, official docs, and OKX MiCA whitepaper. No privacy features are mentioned or implemented.
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: WLFI token has no independent P2P network layer.
Coverage basis: Token inherits host-chain P2P networking.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: The OKX MiCA whitepaper confirms WLFI is deployed as a standard token on each host chain using native token standards (ERC-20, BEP-20, SPL) with no independent networking infrastructure.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: Governance multisigs use Gnosis Safe with classical ECDSA. USD1 custody at BitGo uses classical infrastructure. No PQC or hybrid-PQC wallet/custody path exists.
Coverage basis: All known critical wallets and custody arrangements use classical cryptography.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Governance multisigs, treasury, and USD1 custody rely entirely on classical ECDSA with no quantum-safe path
Assurance: The Gold Paper explicitly states: 'The WLF Governance Platform and WLF Protocol are administratively controlled by one or more Gnosis Safe Multisignature Wallet (a "Multisig").' Gnosis Safe uses ECDSA secp256k1 signatures. BitGo custody for USD1 reserves uses industry-standard HSM infrastructure that, to public knowledge, does not support NIST PQC algorithms in production as of the evaluation date.
The Gold Paper also mentions a 'Security Multi-sig' that may be approved for emergency response. All multisigs are classical. The $15M initial net protocol revenue reserve is controlled by a WLF Multisig. USD1 stablecoin minting and burning functions are controlled by admin keys that are quantum-vulnerable.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of WLFI-related value is protected from quantum key-recovery attacks. No migration has occurred. All WLFI tokens (100B total supply), USD1 stablecoin (~$2.2-3B circulating), and lending market TVL (hundreds of millions) remain entirely quantum-vulnerable.
Coverage basis: No PQC protection exists for any value pool.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, recovery, or policy path (Readiness & Risk Cap: 55)
Assurance: USD1 supply figures from Eco support article (February 2026: ~$2.2B) and external reporting (Tekedia: ~$2.98B). WLFI token supply is fixed at 100B. Lending market TVL reported as 'hundreds of millions.' All value is secured by classical ECDSA/Ed25519 with no PQC migration path, opt-in, or deprecation mechanism. Coverage classification: <25% (score 1 in threshold table) but with zero actual protection and no migration mechanism, Implementation Score is set to 0.00 per the implementation status rubric.
The coverage threshold table (Section 9.3.1) assigns score 1 for <25% coverage. However, the Implementation Score rubric assigns 0.00 for 'No implementation or no credible technical claim.' With no migration mechanism, no PQC path, and no protection of any kind, 0.00 is the appropriate Implementation Score. Even if scored at 0.05 (<25% bucket), the net effect on the Factor Score would still round to 0 given the Stage Cap and Readiness & Risk Cap constraints.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets have been migrated. Governance multisigs, treasury, BitGo USD1 custody, and protocol admin keys are all classical.
Coverage basis: No migration of any critical wallet.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The Gold Paper details Gnosis Safe multisigs for protocol administration. The 2026 roadmap (Eco article) confirms BitGo as USD1 custodian. No evidence of any PQC wallet migration, hybrid signing configuration, or quantum-safe custody arrangement.
Critical wallets include: WLF Multisigs (protocol upgrades, treasury, emergency controls), BitGo custody for USD1 reserves, founder and advisor token vesting contracts, and any exchange/custodian hot wallets holding WLFI or USD1 for liquidity.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts identified and addressed
Claim: No identification, measurement, deprecation, migration, freezing, or burn of quantum-vulnerable WLFI positions has occurred or been proposed.
Coverage basis: No legacy vulnerability inventory or deprecation mechanism.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No on-chain labeling, governance proposal, or documentation identifies quantum-vulnerable token holder addresses, exposed-key positions, or dormant at-risk holdings. The non-transferable nature of locked tokens does not reduce quantum vulnerability; it only limits the attacker's ability to move stolen tokens (which could still be sold if unlock governance is captured).
WLFI tokens are initially non-transferable with unlock via governance votes. Locked tokens held by early purchasers, founders, and advisors represent a large quantum-vulnerable value pool. A quantum attacker who compromises the governance multisig could potentially unlock and drain these tokens.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: No quantum migration or PQC protection roadmap exists. The 2026 roadmap covers USD1 expansion, lending growth, RWA tokenization, and credit card products only.
Coverage basis: No quantum roadmap artifacts.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The 2026 roadmap (Eco article, February 2026) covers four product tracks: USD1 stablecoin expansion, lending market growth, RWA tokenization, and crypto-backed credit card. The WLFI Solana site (wlfisol.com) shows a five-phase roadmap from Q1 2025 to Q4 2026 covering platform development, token sale, DeFi features, ecosystem growth, and AI/metaverse innovation. Neither roadmap mentions post-quantum cryptography, cryptographic migration, or quantum readiness.
The OKX MiCA whitepaper notes that host-chain communities are 'actively researching and developing quantum-resistant cryptographic solutions' and that 'modular architectures of all networks are designed to allow for future cryptographic upgrades.' This is a host-chain dependency statement, not a WLFI-specific migration roadmap.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQC or hybrid-PQC account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist.
Coverage basis: No migration tooling of any kind.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Official docs (docs.worldlibertyfinancial.com) contain no PQC-related content. The main site (worldlibertyfinancial.com) mentions no quantum security features. The WLFS wallet marketing claim about 'post-quantum cryptography' is unverifiable and, even if true, does not enable PQ transaction signing on Ethereum mainnet.
Per Section 7.2, WLFI inherits host-chain migration tooling when/if it becomes available. Currently, none of the host chains (Ethereum, BSC, Solana) offer production PQC transaction paths, so WLFI users have no accessible quantum-safe transaction option.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation paths, legacy-signing disablement, withdrawal restrictions, or exchange/bridge/custody coordination for quantum migration exists.
Coverage basis: No enforcement or coordination artifacts.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No governance proposal, multisig policy, or smart-contract mechanism addresses quantum-specific migration enforcement. The Material Adverse Event clause in the Gold Paper gives multisigs emergency powers, but this is a general security provision with no quantum-specific triggers, procedures, or coordination plans.
WLFI is listed on Coinbase, Binance, OKX, and other exchanges. No exchange has published WLFI-specific quantum-migration coordination plans. Cross-chain bridge dependencies (Wormhole for Solana, LayerZero OFT and third-party bridges for EVM chains) add coordination complexity with no quantum-specific bridge-migration planning.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific incident-response process exists. The general 'Material Adverse Event' and 'Security Risk' provisions in the Gold Paper are not quantum-specific.
Coverage basis: General emergency provisions only; no quantum-specific IR.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The Gold Paper's Section D (Material Adverse Events and Security Risks) states: 'governance control over the WLF Protocol may be completely vested in the Multisigs until the cessation of the Material Adverse Event or Security Risk and normal governance can resume.' While this provides a general emergency framework, it has no quantum-specific triggers (e.g., 'Shor's algorithm reaches X qubits'), no quantum-specific response procedures, and the multisigs themselves are quantum-vulnerable.
A quantum-specific incident-response process would need to address: detection of quantum-enabled attacks, emergency pause/unlock procedures, coordination with exchanges and custodians, communication templates, and recovery plans. None of these exist for WLFI.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: No PQC or hybrid-PQC algorithms are used in any WLFI component. All cryptography is classical (ECDSA secp256k1, Ed25519, Keccak-256).
Coverage basis: No PQC algorithms deployed.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Confirmed by on-chain verification (Etherscan shows standard ERC-20 proxy with no custom cryptographic extensions), OKX MiCA whitepaper (confirms standard token standards), and the Gold Paper (no mention of PQC algorithms).
The WLFS wallet marketing claim of 'post-quantum cryptography' is unverifiable. No algorithm name, NIST standardization status, audit report, or public implementation is available. Even if genuine, it would not protect on-chain WLFI assets which require ECDSA signatures for Ethereum validity.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: No quantum-specific audit exists. Classical audits (Blocksec, Zokyo, Fuzzland, Peckshield) cover token sale contract security only.
Coverage basis: No quantum audit; classical audits are scope-mismatched.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The four named audit firms (Blocksec, Zokyo, Fuzzland, Peckshield) are reputable for classical smart-contract security. Their audits cover the token sale contract but were scoped for traditional vulnerabilities (reentrancy, overflow, access control), not quantum attack vectors. This is an assurance-only caveat because no PQC implementation exists to audit. If a PQC implementation were deployed, the absence of a quantum-specific audit would become a quantum-critical uncertainty.
The Gold Paper states: 'The token sale contract has been audited by four leading security firms.' The OKX MiCA whitepaper marks 'Audit of the Technology Used: FALSE' for the technology audit field, consistent with no quantum audit. For the current evaluation scope (no PQC), this subfactor's Implementation Score is 0.00 because no quantum-critical implementation exists to audit.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: The classical token contract is verified on Etherscan. No PQC implementation exists to be open-source.
Coverage basis: Classical implementation is open-source; quantum-critical implementation does not exist.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: note-only
Assurance: The WLFI token proxy and implementation contracts are verified on Etherscan, making the classical implementation open-source and reproducible. However, the subfactor evaluates the quantum-critical implementation, which does not exist. Score 0.00 reflects 'No implementation or no credible technical claim.' The classical open-source status is noted as positive context for future quantum-migration auditability.
Per the Implementation Score rubric: 'No implementation or no credible technical claim = 0.00.' The classical ERC-20 implementation being open-source does not satisfy the quantum-critical requirement of this subfactor.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: No documented PQC parameter agility or cryptographic upgrade path exists for WLFI-specific components.
Coverage basis: No parameter agility documentation.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The OKX MiCA whitepaper states that host-chain 'modular architectures are designed to allow for future cryptographic upgrades.' This is a host-chain-level claim, not a WLFI-specific parameter-agility plan. WLFI's own governance process (Snapshot voting + multisig implementation) could theoretically enact cryptographic upgrades if proposed, but no such proposal, design, or parameter-agility framework has been published.
The proxy-based token contract architecture (verified on Etherscan) does provide a technical upgrade path (implementation contract can be replaced via proxy), which could theoretically support a future PQC migration. However, this is a standard proxy pattern with no quantum-specific parameter-agility documentation, no PQC upgrade design, and no governance proposal addressing cryptographic migration.
Algorithm & Implementation Assurance
Stateful-signature safety and side-channel implementation risks
Claim: No PQC implementation exists, so no stateful-signature safety, side-channel, fault-injection, or custody implementation risk analysis has been conducted.
Coverage basis: No PQC implementation to analyze.
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: note-only
Assurance: This subfactor is applicable because it covers implementation risks for any PQC deployment. Since no PQC implementation exists, there is nothing to evaluate for stateful-signature safety (XMSS/LMS), side-channel resistance, fault-injection hardening, or HSM/custody integration risks. Score 0.00 reflects no implementation.
If WLFI were to deploy stateful hash-based signatures (XMSS/LMS) in the future, anti-reuse controls, signing-state discipline, and hardware-wallet integration would become critical evaluation points. These considerations are not relevant to the current evaluation scope.
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: No PQC performance or resource-impact analysis exists for WLFI-specific components.
Coverage basis: No performance analysis.
Implementation score: 0 · Evidence confidence: None
Issue classification: none · Score treatment: note-only
Assurance: No PQC performance benchmarks, gas-cost analyses, signature-size impact assessments, or validator/node hardware requirement studies have been published for WLFI. Since no PQC implementation exists, this is recorded as note-only. If PQC were deployed, signature sizes (e.g., Falcon ~1,330 bytes, CRYSTALS-Dilithium ~2,420 bytes, SPHINCS+ ~17KB) would need evaluation against Ethereum gas limits and block space.
Performance analysis would be particularly important for WLFI's multi-chain deployment: Ethereum's gas model penalizes large calldata, Solana's compute-budget model has different constraints, and BSC's block gas limit differs from Ethereum's. Cross-chain signature verification in bridge contexts would add additional performance considerations.
Report metadata