Scope
The audit package should include:| Area | Included artifacts |
|---|---|
| Contracts | Vault, strategy, NAV source, deployment scripts, role configuration, tests |
| Keeper | State machine, dry-run/live guards, heartbeat, action selection, failure handling |
| API | Readiness gates, quote builders, OpenAPI schema, activity/indexer correctness |
| SDK | Transaction builders, typed clients, React Native compatibility, error handling |
| Operations | Railway services, cron jobs, env-var matrix, monitoring, runbooks |
| Docs | Flow of funds, accounting/proof, user lifecycle, partner integration examples |
Reviewer questions
External reviewers should be able to answer these without asking for private operational context:- Can strategy-controlled funds move only through intended paths?
- Are vault share-price calculations complete across buffer, strategy, Core, HLP, and in-flight states?
- Can queued redeem accounting be double-counted, skipped, or claimed by the wrong receiver?
- Can stale API/indexer state cause partners to show unsafe write actions?
- Can a keeper crash, stale state file, or duplicate keeper create inconsistent routing?
- Do access-gated docs and product UI avoid claiming unsupported revenue or audit status?
Required evidence
Run and attach results from:- Current deployed contract addresses
- Role table
- Keeper environment matrix with secrets redacted
- Live
/api/v1/healthresponse - Live
/api/v1/vaultproof response - A queued redeem lifecycle trace from requested to claimed
- Known limitations and unresolved issues
Non-goals
Do not present these as complete before they exist:- Formal audit report
- Public bug bounty
- SLA-backed API uptime
- Live partner revenue sharing
- Permissionless public launch