FAQ

Audits

Every smart contract that holds your assets has been independently reviewed. Reports are published in full.

What audits do and do not do:

An audit reduces the probability that a bug survives to production. It does not prove the absence of bugs.

A serious audit examines contract logic, access control, upgrade mechanisms, integration points, and potential misuse by privileged roles. It identifies vulnerabilities by severity. It does not certify perfection.

Audits are one layer of defence. So are the design choices, operational practices, monitoring infrastructure, and insurance from Breach (technology-risk coverage, currently in progress) covering the underlying smart contract layer.

Published reports:

Audit 1: Vault contracts (initial review) Firm: [to be published] Scope: ERC-7540 vault implementation, access control, fee accrual logic Date: [to be published] Findings: [to be published] Report: [link to PDF]

Audit 2: NAV oracle and TimelockController Firm: [to be published] Scope: NAV oracle posting logic, timelock execution, guardian pause/unpause Date: [to be published] Findings: [to be published] Report: [link to PDF]

Audit 3: Re-audit after critical fixes Firm: [to be published] Scope: Re-review after addressing initial audit findings Date: [to be published] Findings: [to be published] Report: [link to PDF]

Reports will be linked as published. During pre-launch, audits are in progress.

What we do with findings:

A finding is not a failure. It is the audit working.

Critical and high findings are addressed before deployment: fixed, retested, re-audited if non-trivial. Medium and low findings are addressed based on impact and feasibility. Some are accepted as known limitations if the fix would add more complexity than the finding warrants. Accepted findings are documented.

The remediation history is part of the published record. You can see what was found, fixed, accepted, and why.

Ongoing monitoring:

Audits are point-in-time. Ongoing monitoring catches what emerges over time.

The platform monitors:

  • On-chain transaction patterns on vault contracts (unusual flows, anomalous behavior)
  • NAV oracle health (stale or inconsistent posts)
  • Custodian-side reconciliation (on-chain state vs. trading entity books)
  • Threat intelligence feeds for known exploit patterns

When something looks wrong, the Guardian can pause vault operations within minutes. The 96-hour timelock prevents abuse of the pause function.

What this is not:

This page is not a guarantee that the contracts are bug-free.

For the broader picture of what can go wrong technically, see technology risk. For human-layer risks, see operational security.

The audit reports are the source of truth for what auditors found. Read them if you are evaluating at institutional scale.

Resources3 of 5
← Previous
Smart contract addresses