Skip to content

Security Audits

Independent security reviews of the Vibestarter protocol contracts. Review and remediation are part of getting the protocol ready for mainnet, so expect this page to grow as further audits land.

[ Threat Log ]

[ Critical & High ]

1 finding
  • VIB-01High

    Frozen refund denominator included non-redeemable AMM / project-token balances

    ✓ Remediated

[ High / Medium ]

3 findings
  • VIB-02High / Medium

    Operations admin could manipulate the frozen refund denominator via mutable custody-address setters

    ✓ Remediated
  • VIB-03High / Medium

    Deployment completeness was not fail-closed and could silently strand staker rewards

    ✓ Remediated
  • VIB-04High / Medium

    Historical staker rewards could become permanently unclaimable after a full unstake

    ✓ Remediated

[ Medium ]

4 findings
  • VIB-05Medium

    Staking snapshot backfill could make long-lived stakers unable to unstake

    ✓ Remediated
  • VIB-07Medium

    Public registry registration could squat predicted factory token addresses

    ✓ Remediated
  • VIB-08Medium

    A weak or collusive challenge could consume the only tranche challenge slot

    ✓ Remediated
  • VIB-09Medium

    Manual LP recovery proof could accept non-canonical pools or withdrawable claimers

    ✓ Remediated

[ Low ]

3 findings
  • VIB-06Medium / Low

    Staker rewards could be stranded by same-block eligibility mismatch or floor rounding

    ✓ Remediated
  • VIB-10Low / Medium

    Community rewards batch totals were not enforced at claim time

    ✓ Remediated
  • VIB-11Low / Medium

    Accrued platform fees could become unreachable after freeze / refund

    ✓ Remediated
← All documentation