What changed.

Security

• Signer: certificate fingerprint binding over mTLS, strengthening signer/client identity verification so a valid certificate can't be reused outside its expected identity context.
• Signer: hardened validation around auction-buy flows.
• Signer: new SensitiveBytes wrapper for sensitive byte data, redacted from logs by default and zeroized in memory on close to reduce the risk of secrets lingering after use.

Improved

• Relayer: auction buyers now receive BTC collateral directly from the related credit line's vault once an auction purchase is detected, making settlement more direct and better aligned with the purchased collateral amount.
• Relayer: better Bitcoin fee handling, with more accurate transaction size estimates for vault sweeps, improved fee calculation with better change and dust handling on auction payouts, and a lower fallback fee rate when external estimates are unavailable.
• Relayer: more reliable liquidation processing.

Fixed

• Relayer: removed legacy liquidation completion steps from the active flow, reducing duplicate or unnecessary settlement actions.

What's New

• Adaptive interest-rate curve on the variable market. The curve now pivots on an anchor (the rate at the 90% utilization target) that drifts up when the pool stays busy and down when it stays quiet, so borrow pricing tracks real demand instead of a fixed spread.
• Borrow-share accounting for credit lines. Each credit line now holds borrow shares of the pool total, so interest compounds smoothly across every credit line in a single pool update rather than being rewritten line by line.

Improved

• Minimum and maximum borrow APR are now derived from the live anchor (floor at anchor ÷ 4, ceiling at anchor × 4, capped at 18%) instead of fixed values, so the displayed range moves with real conditions.
• Repayments burn the matching borrow shares, and a full repayment always clears a credit line to zero.

Security

• Signer: TLS 1.3 now required as the minimum across the mTLS transport.
• Signer: hardened the native code boundary with length guards, in-memory secret wiping, and safer buffer handling.
• Signer: KMS key material wiped from memory on shutdown.
• Signer: HTTP header read timeouts to resist slow-request (Slowloris) attacks.
• Relayer: stricter validation on all API requests, with clearer error responses.
• Relayer: stronger Bitcoin key handling.

Improved

• Signer: PSBT-first design for Bitcoin operations.
• Signer: sparse-index support for non-contiguous party indices.
• Relayer: streamlined Bitcoin transaction signing, consolidated into a single, more secure flow with legacy signing paths removed.
• Relayer: more accurate health monitoring using on-chain data.
• Relayer: reduced internal dependencies in the health check flow.
• Relayer: request logging added for better observability into service activity.

Fixed

• Relayer: fixed an edge case in collateral synchronization during loan updates.

Infrastructure

• Relayer: migrated to a more robust, higher-performance database backend.

What's New

• Support for partial withdrawals.
• Minor UX optimisations and enhancements.
• Bug fixes and performance improvements.
• Security improvements.

Security

• Relayer: global per-IP rate limiting.
• Relayer: stricter BTC withdrawal validation, with safe retries on transient RPC failures.
• Relayer: configurable auth modes, with backwards compatibility for existing clients.
• Signer: mTLS now required for operational endpoints.
• Signer: validator hardening, including RPC error handling and user authenticity checks.
• Signer: audit logging across all operations.

Improved

• Relayer: removed unused API surface.

Infrastructure

• Signer: upstream rebase and dependency updates (Go, OpenSSL, Next.js).

What's New

• Reliable collateral sync after a direct BTC deposit to your vault.
• Interest accrual fix on the lending contract.
• UI refinements and bug fixes throughout the app.