# Security and Audits

## Code Security and Quality Assurance

### Internal Development Process

IPOR Labs employs a multi-layered quality assurance process covering every stage of the feature lifecycle:

1. Unit and integration testing — every new feature and code modification requires test coverage.
2. Internal audits using specialized large language models (LLMs) — as part of our code review process, we use proprietary auditing tools powered by state-of-the-art LLMs. These tools are designed specifically for smart contract analysis and detect subtle logic bugs, state inconsistencies, and potential attack vectors that may escape traditional code review.
3. Code Review — every change undergoes a peer review process by team members, providing an additional layer of quality and security verification.

### Proprietary Audit Tools

IPOR Labs develops in-house security audit tools powered by the latest AI models. These tools specialize in:

* Deep business logic analysis of smart contracts (Feynman technique — questioning every line of code, operation ordering, and implicit assumptions)
* State inconsistency detection — identifying situations where an operation mutates one piece of coupled state without updating dependent components
* Combined multi-layer analysis — fusing results from different audit techniques in a feedback loop to discover bugs at intersections that no single technique would catch alone

### External Audit Tool Evaluation

IPOR Labs actively tests and evaluates third-party automated smart contract security audit tools for potential inclusion in the pipeline:

| Tool                        | Status           |
| --------------------------- | ---------------- |
| Wake Arena BETA (Ackee)     | Under evaluation |
| AI Agent (Spearbit/Cantina) | Under evaluation |
| MixBytes Audit Tools        | Under evaluation |
| Olympix                     | Under evaluation |
| TestMachine                 | Under evaluation |

### Production Instance Auditing

Beyond source code audits, IPOR Labs conducts systematic verification of production instances, covering:

* Code — verifying deployed code matches previously audited versions
* Configuration — reviewing vault configuration parameters, role permissions, and module settings
* Markets — validating market configurations, limits, and risk parameters of active strategies

## Audits

### BlockSec

Date: February 28, 2025 (v 1.0)

<mark style="color:green;">**Covers the currently live contracts**</mark>

Report (Google Docs PDF):

<https://drive.google.com/file/d/1iqhAszOmUNUIuXuuAcwIHjL96de1zME5/view?usp=drive_link>

**Scope**

* Updated IPOR Fusion:
  * Fusion Vault
  * Base Fuses
  * Rewards Manager
  * Access Management
  * Price Oracle Middleware
  * Prehooks
  * Context Manager
  * Withdraw Manager

### Protofire

Date: September 6, 2024 (v 1.1)

<mark style="color:green;">**Covers the currently live contracts**</mark>

Report (Google Docs PDF):

[https://drive.google.com/file/d/1UZE7J-pTfHY-XtgZtVYMAOh4tHXTCCN2/view](https://drive.google.com/file/d/1UZE7J-pTfHY-XtgZtVYMAOh4tHXTCCN2/view?usp=sharing)

**Scope**

* IPOR Fusion:
  * Fusion Vault
  * Base Fuses
  * Rewards Manager
  * Access Management
  * Price Oracle Middleware
