Security Audits
Rugdrome has undergone a comprehensive security review using multiple static-analysis, fuzzing, and formal-verification tools.
Audit Tools & Results
| Tool | Type | Result |
|---|---|---|
| Slither 0.11.5 | Static analysis | 1140 results (mostly low/info) |
| Aderyn 0.6.8 | Static analysis | 87+ results (mostly false positives) |
| Solhint | Linter | 0 errors, 33 cosmetic warnings |
| Foundry fuzzing | Fuzz (1000 runs) | 7 bugs found, all fixed |
| SMTChecker (CHC) | Formal verification | 0 counterexamples |
| Medusa | Fuzz (71704 calls) | 0 failures |
| Mythril 0.24.8 | Symbolic execution | 0 issues detected |
Bugs Found & Fixed
| ID | Severity | Bug | File | Status |
|---|---|---|---|---|
| F-1 | Critical | FullMath.mulDiv 0.8.x checked arithmetic overflow | FullMath.sol | Fixed |
| F-2 | Critical | Inverted denominator in _getNextSqrtPriceFromInput | SwapMath.sol | Fixed |
| F-3 | Critical | Inverted denominator in _getNextSqrtPriceFromOutput | SwapMath.sol | Fixed |
| F-4 | High | Overflow in _getNextSqrtPriceFromInput (!zeroForOne) | SwapMath.sol | Fixed |
| F-5 | High | Overflow in _getNextSqrtPriceFromOutput (zeroForOne) | SwapMath.sol | Fixed |
| F-6 | Medium | amountOut exceeds requested in exact output | SwapMath.sol | Fixed |
| F-7 | Medium | amountIn exceeds remaining in exact input | SwapMath.sol | Fixed |
Full Audit Report
The detailed static-analysis report is available in the audits/ directory. See:
audits/AUDIT_STATIC_ANALYSIS.mdaudits/README.md
Production Checklist
Before mainnet deployment, review the following areas:
CLPool/TickMath/SqrtPriceMathcorrectnessCLGaugereward distribution and NFT handlingVotingEscrowrebase and checkpoint math- Governance proposal lifecycle and timelock role wiring