
Security parameter hardcoded + no #[deny(unsafe_code)] workspace lint #159

@jiayaoqijia

Description


Summary

Two code hygiene issues: (1) XMSS parameters (V=42, W=3, CHAIN_LENGTH=8) are compile-time constants with no generic parameterization, and (2) the workspace has no unsafe_code = "deny" lint, with undocumented unsafe usage in at least two locations.

Severity

LOW -- Code hygiene; current behavior is correct but fragile.

Location

Hardcoded parameters:

  • crates/xmss/src/lib.rs:17-22 -- Constants V=42, W=3, CHAIN_LENGTH=8 are compile-time fixed with no generic parameterization

Missing unsafe lint:

  • Cargo.toml:24-51 -- Workspace lints section has no unsafe_code lint
  • crates/whir/src/utils.rs:147 -- unsafe { *evals.get_unchecked(src_index) } -- undocumented unsafe
  • crates/backend/koala-bear/src/monty_31/monty_31.rs:223 -- unsafe { flatten_to_base(...) } -- undocumented unsafe

Impact

Parameters: Low -- current parameters are reasonable. Changing security targets requires recompilation.

Unsafe: Low -- existing unsafe appears correct on inspection. However, without the workspace lint, future unreviewed unsafe additions could introduce memory safety bugs silently.

Suggested Fix

Parameters: Make XMSS parameters generic over a SecurityParams trait.

Unsafe lint: Add to workspace Cargo.toml:

[workspace.lints.rust]
unsafe_code = "deny"

Then annotate each justified unsafe block with a // SAFETY: comment explaining the invariant.
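The two fixes side by side, as an added Rust example that is not the project's code: the constants lifted into an assumed SecurityParams trait (the relation CHAIN_LENGTH == 2^W is an assumption that happens to hold for W=3, CHAIN_LENGTH=8), and a justified unchecked read of the kind flagged in utils.rs. Because unsafe_code = "deny" rejects every unsafe block, each block that stays needs a local #[allow(unsafe_code)] alongside its SAFETY comment; the names Xmss42, params_consistent, max_chain_steps and gather are invented for the example.

```rust
// Added example, not the project's code. SecurityParams, Xmss42,
// params_consistent, max_chain_steps and gather are assumed names; the
// relation CHAIN_LENGTH == 2^W is assumed (true for W=3, CHAIN_LENGTH=8).
#[deny(unsafe_code)] // per-module stand-in for the workspace lint `unsafe_code = "deny"`
pub mod xmss_hygiene {
    /// Parameters lifted out of hardcoded constants into a type, so a new
    /// security target is a new impl rather than an edit-and-recompile.
    pub trait SecurityParams {
        const V: usize;            // number of hash chains
        const W: usize;            // Winternitz parameter (bits per digit, assumed)
        const CHAIN_LENGTH: usize; // steps per chain
    }

    /// The parameter set the issue describes, as one concrete impl.
    pub struct Xmss42;
    impl SecurityParams for Xmss42 {
        const V: usize = 42;
        const W: usize = 3;
        const CHAIN_LENGTH: usize = 8;
    }

    /// Compile-time-evaluable sanity check tying the three constants together.
    pub const fn params_consistent<P: SecurityParams>() -> bool {
        P::CHAIN_LENGTH == (1usize << P::W)
    }

    /// Worst-case hash evaluations to derive one WOTS-style public key:
    /// V chains, each walked CHAIN_LENGTH - 1 steps.
    pub fn max_chain_steps<P: SecurityParams>() -> usize {
        P::V * (P::CHAIN_LENGTH - 1)
    }

    /// Safe wrapper around the kind of unchecked read the issue flags
    /// (`*evals.get_unchecked(src_index)`): the bounds invariant is checked
    /// once, and the single unsafe block is opted in locally and documented.
    #[allow(unsafe_code)]
    pub fn gather<T: Copy>(evals: &[T], indices: &[usize]) -> Option<Vec<T>> {
        if indices.iter().any(|&i| i >= evals.len()) {
            return None; // reject out-of-range input before any unsafe code runs
        }
        Some(indices.iter().map(|&i| {
            // SAFETY: every `i` was checked against `evals.len()` above, and
            // `evals` is a shared borrow, so it cannot shrink in between.
            unsafe { *evals.get_unchecked(i) }
        }).collect())
    }
}
```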

References
