Security & Audits
Security & audit history.
Security is the foundation of Rheofi. Every smart contract is reviewed before reaching production. This page tracks completed audits, formal verification scope, and ongoing security practices.
Rheofi has been audited by leading security firms. Reports are published as each audit completes.
| Auditor | Scope | Date | Report |
|---|---|---|---|
| Certik | Liquidity Pools & Comptroller | May 2025 | View Report |
| Peckshield | Governance & Timelock | July 2025 | View Report |
| Quantstamp | Token Converters & Risk Fund | September 2025 | View Report |
| OpenZeppelin | Oracle Integration | November 2025 | View Report |
Critical components — Comptroller, interest-rate models, and liquidation logic — have undergone formal verification to mathematically prove correctness properties. This goes beyond traditional auditing.
Timelocks
All governance actions are subject to timelocks, giving the community time to review changes before they execute.
Access control
Fine-grained role-based access via the AccessControlManager — every privileged function checks permissions before executing.
Monitoring
Real-time on-chain monitoring with alerting for anomalous activity. Outlier behavior triggers operator review immediately.
Incident response
A documented incident-response plan is maintained and regularly tested. Discovered a vulnerability? Report it privately to the Rheofi security team.