It does dynamically allocate, though it always checks for success. It could be refactored not to but so far we haven't targeted devices small enough to worry about a megabyte or two of RAM. There are also checks in place to guard against memory exhaustion attacks where applicable.

We just did phase I of a professional audit for V2. It was a design audit, but we're doing a code audit too. V2's code base will be a bit cleaner.

Cool! Just a thing to think about! Code size is a useful metric, especially as it improves auditability. But not having to think about object lifecycle bugs ("can this timer fire into a freed connection state block", etc) is a huge intrinsic structural win. Having an unusually clear, audited documentation of the lifecycles of all the objects in your design would also go a long way.