Audits
| Scope | Auditor | Date | Report |
|---|---|---|---|
| Core protocol (vaults, emissions, staking, boost) | TBA | TBA | TBA |
| WeightedPoolHook + PoolWrapper (Uniswap v4 AMM) | TBA | TBA | TBA |
| stSTRIP (FundedStakingContract) and fee routing | TBA | TBA | TBA |
Internal review
Beyond external audits, the codebase goes through continuous internal review: an extensive Foundry test suite, end-to-end integration tests that deploy the full protocol stack against a local chain and exercise the live keeper code, and repeated adversarial review rounds during development. Findings from these rounds are fixed before deployment and tracked in the repository.Bug bounty
TBA. Bounty scope, tiers, and submission process will be published here.
In the meantime, suspected vulnerabilities can be reported privately to the team via TBA. Please do not disclose potential vulnerabilities publicly before the team has had a reasonable opportunity to investigate and remediate.
Verifying the protocol yourself
- Source code: github.com/stripyield
- Deployed addresses: Contract Addresses
- Live protocol activity: the transparency dashboard surfaces every harvest, buyback, burn, emission allocation, and boost root in real time.
