Security & Audits
Security is the foundation of the Rheofi Protocol. The protocol adopts a security-first approach at every stage of development, from initial design through deployment and ongoing operation. All smart contracts undergo rigorous review before reaching production.
Audit History
Rheofi has been audited by leading security firms in the blockchain industry. The following table summarizes completed audits:
| Auditor | Scope | Date | Report |
|---|---|---|---|
| CertiK | Liquidity Pools & Comptroller | May 2025 | View Report |
| PeckShield | Governance & Timelock | July 2025 | View Report |
| Quantstamp | Token Converters & Risk Fund | September 2025 | View Report |
| OpenZeppelin | Oracle Integration | November 2025 | View Report |
Bug Bounty Program
Rheofi maintains an active bug bounty program on Immunefi to incentivize responsible disclosure of vulnerabilities. The program covers all deployed smart contracts and offers rewards based on severity:
| Severity | Reward |
|---|---|
| Critical | Up to $100,000 |
| High | Up to $25,000 |
| Medium | Up to $5,000 |
| Low | Up to $1,000 |
Formal Verification
Critical protocol components—including the Comptroller, interest rate models, and liquidation logic—have undergone formal verification to mathematically prove correctness properties. This provides an additional layer of assurance beyond traditional auditing.
Ongoing Security Practices
- Timelocks: All governance actions are subject to timelocks, providing the community with time to review changes before execution.
- Access Control: Fine-grained role-based access control is enforced through the AccessControlManager contract.
- Monitoring: Real-time on-chain monitoring and alerting for anomalous activity.
- Incident Response: A documented incident response plan is maintained and regularly tested.
If you discover a potential vulnerability, please report it through the Immunefi bug bounty program rather than disclosing it publicly.