Patcha is pre-audit software. The program has not had a third-party audit; do not use it to custody funds without one.
Report suspected vulnerabilities privately via the contact on patcha.fi rather than opening a public issue. Please include a description, the affected component, and reproduction steps.
The account model, arithmetic guarantees, and known limitations are documented in docs/security.md.