Four payment-flow concerns surfaced during the RN integration that
need explicit design decisions before scaling:
1. Rabby wallet unsupported by RN's hosted UI - mitigated by
bringing the checkout screen in-house.
2. RN auto-bridges cross-chain payments via LiFi, costing someone
money - mitigated by gating chain selection in our own UI based
on seller-accepted chains.
3. Single shared escrow wallet exposes the whole platform to
sanctioned-funds taint - needs per-escrow ephemeral wallets and
a wallet-abstraction layer.
4. The above pushes RN into a notification-only role - viable but
needs validation tests (webhook reliability, custom destinations,
API-only pricing) before commitment.
- Three-stream audit (security / logic / performance) with 35+ findings
derived from actual source code, each with file:line and remediation
- Audit Index cross-references criticals across streams into prioritized
fix tiers: immediately / before soft launch / before public launch
- Telegram Mini App debug handoff documenting what was implemented and
all remaining work items with exact file lists and test commands
- Updated architecture, data model, auth API, and registration flow docs
to reflect Telegram auth, TON wallet, and email verification additions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>