FHE Engine Upgrade v0.5.0 — April 27, 13:00-16:00 UTC. Read migration guide →
4. Execution RoadmapPhase 6: Testnet & Audit

4.6. Phase 6: Testnet Deployment & Audit

Phase 6 represents the culmination of the Fhenix-FairMarket development lifecycle. This phase transitions the protocol from a validated codebase to a production-ready, audit-prepared system deployed on Fhenix Testnet.

By executing sequential deployment scripts, activating real-time KPI monitoring, stress-testing infrastructure via chaos engineering, and compiling a comprehensive Audit-Ready Package, this phase ensures that every cryptographic guarantee, economic mechanism, and user experience promise is verifiable, measurable, and defensible before Tier-A external audit engagement.

Phase Objective

  • Execute sequential deployment (Adapters → Proxy → Factory) on Fhenix Sepolia with verified contract publication.
  • Activate real-time KPI monitoring for CoFHE Resolution Latency, Fraud Proof Failure Rate, and claimRefund() Success Rate.
  • Implement automated alerting (Slack/PagerDuty) for emergency thresholds (>300s latency, >5% failure).
  • Conduct load testing (50 concurrent auctions) and chaos engineering (sequencer outage simulation) to validate resilience.
  • Compile a complete Audit-Ready Package (security-model.md, async-cofhe-flow.md, coverage reports) for external auditors (CertiK/OpenZeppelin).

Target File Structure

fhenix-fairmarket/
├── .github/workflows/
│ ├── deploy-testnet.yml # Sequential deployment + smoke test automation
│ └── ci-contracts.yml # Pre-deploy security gates (Slither, coverage)

├── packages/contracts/
│ ├── deploy/
│ │ ├── 00_deploy_adapters.ts # CofheAdapter + NFTGuard deployment
│ │ ├── 01_deploy_core_proxy.ts # UUPS Proxy + initialization
│ │ └── 02_setup_factory.ts # AuctionFactory cloning setup
│ └── test/
│ ├── mocks/ # MockEigenLayerAVS, MockCofhe for final validation
│ └── integration/CoFHEFlow.test.ts # End-to-end cycle verification

├── packages/keeper/
│ ├── docker-compose.yml # Production-ready Keeper stack (Redis + services)
│ └── config.ts # Testnet RPC, AVS endpoints, alert thresholds

├── docs/
│ ├── architecture/async-cofhe-flow.md # Visual data flow for auditors
│ ├── operations/monitoring-kpis.md # KPI definitions + alerting logic
│ ├── security-model.md # Threat matrix + mitigation proofs
│ └── audit/audit-checklist.md # P0/P1 verification checklist

└── monitoring/
 ├── alerts.yml # Prometheus/Grafana alert rules
 ├── dashboard.json # Pre-built Grafana dashboard import
 └── kpi-export.ts # Script to export metrics for audit reports

️ Execution Tasks & Audit Gates

TaskDescriptionAudit Gate (P0)
6.1 Sequential DeploymentExecute deploy-testnet.yml to publish contracts in dependency order: Adapters → Proxy → Factory. Verify on Block Explorer.All contracts deployed, verified, and initialized on Fhenix Testnet. Zero storage collisions.
6.2 KPI Monitoring SetupConfigure Prometheus + Grafana dashboard tracking: Avg CoFHE Latency, Fraud Proof Failures, claimRefund() Success, Keeper Execution Rate.Dashboard displays live, accurate data. Alert thresholds configured and tested.
6.3 Automated AlertingIntegrate Slack/PagerDuty webhooks for critical alerts: >300s resolution latency, >5% decryption failures, unauthorized upgrade attempt.Test alert successfully delivered to team. Alert logic matches documented thresholds.
6.4 Load & Chaos TestingRun load test (50 concurrent auctions) + chaos test (30-min sequencer outage simulation). Measure system stability and Dynamic Dead Man's Switch activation.System handles load without OOG or data loss. Emergency void triggers automatically on outage.
6.5 Audit Package CompilationAggregate security-model.md, async-cofhe-flow.md, test coverage reports, and P0/P1 checklist into audit/audit-ready-package.zip.Package contains all required artifacts. Zero P0 items outstanding. Documentation matches code 100%.

Technical Implementation

1. Sequential Deployment Script (deploy-testnet.yml)

Ensures dependency-safe deployment with automatic verification and smoke testing.

# .github/workflows/deploy-testnet.yml
name: Deploy to Fhenix Testnet
on:
 push:
 branches: [release/testnet]
 workflow_dispatch:
 
jobs:
 deploy:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
 
 - name: Setup Node & pnpm
 uses: pnpm/action-setup@v2
 with:
 version: 9
 run_install: true
 
 - name: Deploy Adapters
 run: pnpm hardhat run packages/contracts/deploy/00_deploy_adapters.ts --network fhenix-testnet
 env:
 RPC_URL: ${{ secrets.FHENIX_TESTNET_RPC }}
 PRIVATE_KEY: ${{ secrets.DEPLOYER_PK }}
 
 - name: Deploy Core Proxy
 run: pnpm hardhat run packages/contracts/deploy/01_deploy_core_proxy.ts --network fhenix-testnet
 env: { RPC_URL: ${{ secrets.FHENIX_TESTNET_RPC }}, PRIVATE_KEY: ${{ secrets.DEPLOYER_PK }} }
 
 - name: Verify Contracts
 run: pnpm hardhat verify --network fhenix-testnet $(cat .deployed-addresses.json | jq -r '.proxy')
 
 - name: Smoke Test
 run: pnpm hardhat test:integration --network fhenix-testnet

2. KPI Monitoring Configuration (monitoring/alerts.yml)

Defines alerting logic for critical protocol health indicators.

# monitoring/alerts.yml (Prometheus Rule Format)
groups:
 - name: fhenix-fairmarket-critical
 rules:
 - alert: CoFHE_Resolution_Latency_High
 expr: avg(cofhe_resolution_latency_seconds) > 300
 for: 5m
 labels: { severity: critical }
 annotations:
 summary: "CoFHE resolution latency exceeds 300s threshold"
 action: "Add AVS validators or investigate FHEOS health"
 
 - alert: Fraud_Proof_Failure_Detected
 expr: rate(fraud_proof_verification_failures_total[5m]) > 0
 for: 1m
 labels: { severity: critical }
 annotations:
 summary: "Fraud proof verification failed - potential AVS manipulation"
 action: "Activate EmergencyHalt immediately"
 
 - alert: ClaimRefund_Success_Rate_Low
 expr: 1 - (rate(claim_refund_success_total[5m]) / rate(claim_refund_attempted_total[5m])) > 0.01
 for: 10m
 labels: { severity: warning }
 annotations:
 summary: "claimRefund() success rate below 99%"
 action: "Review Bundler gas limits and network congestion"

3. Chaos Engineering Test Script (scripts/chaos-test.ts)

Simulates network failures to validate Dynamic Dead Man's Switch resilience.

// scripts/chaos-test.ts
import { ethers, network } from 'hardhat';
import { expect } from 'chai';
 
describe('Chaos Engineering: Sequencer Outage Simulation', () => {
 it('should trigger Dynamic Dead Man\'s Switch after 30-min simulated outage', async () => {
 const [deployer, bidder] = await ethers.getSigners();
 const contract = await ethers.getContractAt('FhenixFairMarket', PROXY_ADDRESS);
 
 // 1. Create and fund auction
 await contract.connect(bidder).lockEscrow(AUCTION_ID, { value: ethers.parseEther('2') });
 await contract.connect(bidder).placeBid(AUCTION_ID, encryptedBid);
 
 // 2. Simulate sequencer halt by advancing time beyond dynamic timeout
 const timeout = await contract._getResolutionTimeout();
 await network.provider.send('evm_increaseTime', [Number(timeout) + 1800]); // +30 min buffer
 await network.provider.send('evm_mine');
 
 // 3. Trigger fallback void (permissionless)
 await contract.triggerFallbackVoid(AUCTION_ID);
 
 // 4. Verify state transition and fund recovery
 expect(await contract.getAuctionState(AUCTION_ID)).to.equal('VOIDED');
 expect(await contract.escrowBalances(AUCTION_ID, bidder.address)).to.equal(ethers.parseEther('2'));
 
 // 5. Verify FHE engine disabled
 expect(await contract.fheEngineActive(AUCTION_ID)).to.be.false;
 });
});

Deployment & Monitoring Architecture

️ Security & Operational Guarantees

  1. Dependency-Safe Deployment: Sequential script (Adapters → Proxy → Factory) prevents initialization errors or storage layout collisions. Contract verification on Block Explorer ensures public auditability.
  2. Real-Time Threat Detection: KPI monitoring coupled with automated alerting enables sub-5-minute response to critical anomalies (Fraud Proof failures, latency spikes), protecting user funds proactively.
  3. Resilience-by-Design Validation: Chaos engineering tests prove that Dynamic Dead Man's Switch activates automatically during infrastructure failures, guaranteeing capital recovery without manual intervention.
  4. Audit Transparency: The compiled Audit-Ready Package provides external auditors with complete architectural diagrams, threat mitigations, test coverage reports, and P0/P1 verification checklists—eliminating ambiguity and accelerating review cycles.
  5. Zero-Downtime Rollback: Deployment workflow includes pre-defined rollback steps (revert to previous proxy implementation) approved by governance multisig, ensuring safe recovery from unexpected issues.

Phase 6 Final Audit Gate (Definition of Done)

Progression to Mainnet Launch is strictly blocked until all P0 criteria are verified and signed off:

  • [] All contracts deployed, verified, and initialized on Fhenix Testnet with zero storage collisions.
  • [] KPI dashboard displays live, accurate data for all critical metrics (latency, success rate, keeper execution).
  • [] Automated alerting successfully delivers test notifications to Slack/PagerDuty.
  • [] Load test (50 concurrent auctions) completes without OOG, data loss, or Decryption Timeout.
  • [] Chaos test (30-min sequencer outage) triggers Dynamic Dead Man's Switch and recovers 100% of funds automatically.
  • [] Audit-Ready Package compiled with: security-model.md, async-cofhe-flow.md, test coverage ≥90%, P0/P1 checklist complete.
  • [] Documentation matches deployed code 100% (no drift between README.md and on-chain behavior).
  • [] Governance multisig approves Definition of Done and signs off for Tier-A External Audit engagement.

Timeline & Dependencies

MetricValue
Estimated Duration10–14 days
Team Size3–4 Engineers (DevOps + Security + QA)
DependenciesPhases 1-5 complete; all P0 Audit Gates passed
EnablesTier-A External Audit → Mainnet Launch → DAO Governance Handoff

Parallel Development Note: While Phase 6 executes, the security team can begin preliminary review of the Audit-Ready Package to accelerate external audit onboarding. However, formal audit engagement requires final sign-off on all P0 items.

Next Steps

Phase 5: Frontend & UX 2.0