Strip treats security as an ongoing process, not a checkbox. The protocol’s core economic rules are fixed in code, sensitive parameter changes pass through a 24-hour timelock, and keeper permissions are rate-limited onchain (see Trust Assumptions for the full model). This page covers external review of the code itself.

Audits

| Scope | Auditor | Date | Report |
| --- | --- | --- | --- |
| Core protocol (vaults, emissions, staking, boost) | TBA | TBA | TBA |
| WeightedPoolHook + PoolWrapper (Uniswap v4 AMM) | TBA | TBA | TBA |
| stSTRIP (FundedStakingContract) and fee routing | TBA | TBA | TBA |

Final audit reports will be linked here in full. Audits reduce risk; they do not eliminate it. Read Risks before participating.

Internal review

Beyond external audits, the codebase goes through continuous internal review: an extensive Foundry test suite, end-to-end integration tests that deploy the full protocol stack against a local chain and exercise the live keeper code, and repeated adversarial review rounds during development. Findings from these rounds are fixed before deployment and tracked in the repository.

Bug bounty

TBA. Bounty scope, tiers, and submission process will be published here. In the meantime, suspected vulnerabilities can be reported privately to the team via TBA. Please do not disclose potential vulnerabilities publicly before the team has had a reasonable opportunity to investigate and remediate.

Verifying the protocol yourself

Strip’s position is simple: users should not have to trust claims they cannot check. The code is public, the addresses are canonical, and the protocol’s output is observable onchain.