A practical, audit-grade set of checklists for building, securing, and shipping applications and infrastructure on Quantova, the post-quantum Layer 1 for institutional settlement.
Every item here maps to a concrete decision a team has to make before going to production. The checklists are written to be copied into a pull request, a launch ticket, or an audit scope — not just read once. They reflect how Quantova actually works: Q-format addresses, the post-quantum signing model, the Quantova Virtual Machine (QVM), the QRC20 standard, the deterministic no-VRF consensus layer, and finality-anchored bridges.
Network status. Quantova is on testnet ahead of mainnet. Items marked
[testnet]apply today; items marked[mainnet]apply at or after mainnet launch. Build against testnet now so the mainnet switch is a configuration change, not a rewrite.
| You are… | Start with |
|---|---|
| A smart-contract / QVM developer | Smart Contract Security → Pre-Deployment |
| An app / integration developer | Integration → Frontend & Wallet |
| A validator / node operator | Node & Validator Operations |
| An exchange / custodian | Exchange & Custody Integration |
| A bridge / cross-chain team | Bridge Integration |
| Setting up CI/CD | CI/CD & Release |
| # | Checklist | What it covers |
|---|---|---|
| 00 | Environment Setup | Toolchain, SDK, wallet, testnet, and RPC endpoints. |
| 01 | Account & Key Management | Post-quantum keys, Q-addresses, signing, key hygiene. |
| 02 | Smart Contract Security | QVM contract security checks mapped to real failure patterns. |
| 03 | Pre-Deployment | The gate before a contract goes to mainnet. |
| 04 | Integration | Reading state, building/signing/sending transactions, finality. |
| 05 | Frontend & Wallet | Qmask.io integration, address display, UX correctness. |
| 06 | Node & Validator Operations | Running nodes, RPC hardening, validator duties, monitoring. |
| 07 | Exchange & Custody Integration | Deposits, withdrawals, finality confirmation, key custody. |
| 08 | Bridge Integration | Finality-anchored deposits/withdrawals across chains. |
| 09 | CI/CD & Release | Automated build, test, verify, and release. |
| 10 | Mainnet Launch Readiness | The master go/no-go gate for a production launch. |
A condensed, one-page version of all of the above is in
SECURITY_CHECKLIST.md.
- Copy the relevant checklist into your PR or launch ticket. Each is GitHub-task-list formatted, so the boxes are clickable.
- Do not skip
[ ]items silently. If an item does not apply, mark it and write one line on why. - Re-run before every deployment, not just the first. The Pre-Deployment and Mainnet Launch Readiness lists are gates, not guides.
- For audits, the Smart Contract Security list is structured so each item maps to a check an auditor can verify.
[ ]an open task ·[x]done ·[testnet]/[mainnet]network scope.- Severity tags in the security checklist:
(critical),(high),(medium),(low). - Code snippets use the
q_JSON-RPC namespace and the@quantovaSDK.
- Website: https://quantova.org
- Developer documentation: https://quantova.org/static/pdfjs/web/viewer.html?file=/static/pdf/Gitbook-Quantova-Developer-Documentation.pdf#nameddest=cover&page=1&pagemode=bookmarks
- Developer content: the
developer-contentrepository - Consensus specifications: the
consensus-specsrepository
© 2026 Quantova Inc. See LICENSE.md. Checklists are provided for informational purposes and are not legal, financial, or security-audit advice.