Skip to content

Security Audits

Rugdrome has undergone a comprehensive security review using multiple static-analysis, fuzzing, and formal-verification tools.

Audit Tools & Results

ToolTypeResult
Slither 0.11.5Static analysis1140 results (mostly low/info)
Aderyn 0.6.8Static analysis87+ results (mostly false positives)
SolhintLinter0 errors, 33 cosmetic warnings
Foundry fuzzingFuzz (1000 runs)7 bugs found, all fixed
SMTChecker (CHC)Formal verification0 counterexamples
MedusaFuzz (71704 calls)0 failures
Mythril 0.24.8Symbolic execution0 issues detected

Bugs Found & Fixed

IDSeverityBugFileStatus
F-1CriticalFullMath.mulDiv 0.8.x checked arithmetic overflowFullMath.solFixed
F-2CriticalInverted denominator in _getNextSqrtPriceFromInputSwapMath.solFixed
F-3CriticalInverted denominator in _getNextSqrtPriceFromOutputSwapMath.solFixed
F-4HighOverflow in _getNextSqrtPriceFromInput (!zeroForOne)SwapMath.solFixed
F-5HighOverflow in _getNextSqrtPriceFromOutput (zeroForOne)SwapMath.solFixed
F-6MediumamountOut exceeds requested in exact outputSwapMath.solFixed
F-7MediumamountIn exceeds remaining in exact inputSwapMath.solFixed

Full Audit Report

The detailed static-analysis report is available in the audits/ directory. See:

  • audits/AUDIT_STATIC_ANALYSIS.md
  • audits/README.md

Production Checklist

Before mainnet deployment, review the following areas:

  1. CLPool / TickMath / SqrtPriceMath correctness
  2. CLGauge reward distribution and NFT handling
  3. VotingEscrow rebase and checkpoint math
  4. Governance proposal lifecycle and timelock role wiring

Released under the GNU AGPL v3 License.