
Ends in 6 days
Paid on delivery
Status: The MVP is already live internally. Core flows work end‑to‑end on React Native (Expo/bare) with Supabase Functions on the backend. I’m looking for a partner to optimize the codebase and close any security gaps before we scale.

What we’re building
A mobile wallet where users can securely hold and manage multiple digital currencies.
Seamless movement between bank accounts and the wallet’s balance (sandbox is connected).
Real‑time transaction notifications (APNs/FCM) with reliable delivery and sensible privacy defaults.
Auth currently uses password; biometrics will be added after hardening & stabilization.

Your mission
Security hardening across app and backend: secret handling, storage, network, auth, and data access.
Codebase optimization: architecture, performance, and reliability for both iOS and Android.
Release readiness: smooth CI/CD, crash‑free startup, and App Store/Play compliance.

Scope (concrete)
✅ React Native refactor to a clear module structure (domain/UI/data), TypeScript strict, ESLint/Prettier.
✅ Secrets: remove any plaintext keys; use env injection + secure storage (Keychain/Keystore).
✅ OWASP Mobile basics: jailbreak/root detection, screenshot/overlay protections where relevant, TLS pinning (where feasible), secure clipboard/notifications (no sensitive payloads when locked).
✅ Supabase: enforce RLS everywhere, least‑privilege policies, JWT claim checks, rate limits, audit logs (minimize PII).
✅ Auth: strong password policy, lockouts, session/refresh rotation, CS/PKCE where applicable.
✅ Banking & buy/sell flows: stabilize error handling, idempotency, and retry logic; full sandbox test cases.
✅ Push notifications: delivery reliability, background handling, and “privacy mode” content.
✅ Observability: crash reporting, performance traces, server metrics; PII‑safe logs.
✅ Supply chain: dependency audit (SCA), pinned lockfiles, automated secrets scan, reproducible builds.
✅ CI/CD: test + lint + type checks + mobile builds; fastlane/EAS (or equivalent).
✅ Store readiness: passes static/dynamic checks; complies with App Store/Play financial‑app rules.

Deliverables
A clean, well‑structured React Native app linked to Supabase Functions, with TypeScript strict mode and linting enforced.
Signed iOS/Android builds that meet store submission requirements (TestFlight/internal test tracks).
Security checklist + brief technical docs (setup, env, deployment, threat model summary, runbooks).

Acceptance criteria
Users can create a wallet, sign in with password, view balances, and review transaction history.
Bank integration, buy/sell flow, and push notifications run smoothly in sandbox with test plans.
No sensitive keys in plaintext; secrets handled via environment and secure storage.
RLS enforced on all data paths; automated tests cover auth, balances, transactions, and notifications.
Static analysis, dependency audit, and secrets scan pass with no high‑severity findings.
Crash‑free sessions ≥ 99.5% on internal testing.

Nice to have (not required on day 1)
Biometric auth (Face/Touch ID) behind a feature flag.
App Attest / Play Integrity checks.
MASVS L1 alignment documented.

Compensation
Equity instead of cash for the right partner. We can define vesting/cliff once scope and ownership are confirmed.

If this sounds like your arena, send a short note with relevant RN/Supabase work, links to repos/apps, and your proposed approach to the security pass.
Project ID: 39732438
Open for bidding
Remote project

miramar, Argentina
Payment method verified
Member since Jul 12, 2023