search
Launch AppAsk on Discord

Security and Audits

hashtag
Code Security and Quality Assurance

hashtag
Internal Development Process

IPOR Labs employs a multi-layered quality assurance process covering every stage of the feature lifecycle:

  1. Unit and integration testing — every new feature and code modification requires test coverage.

  2. Internal audits using specialized LLM models — as part of our code review process, we leverage proprietary auditing tools powered by state-of-the-art large language models (LLMs). These tools are specifically designed for smart contract analysis and enable detection of subtle logic bugs, state inconsistencies, and potential attack vectors that may escape traditional code review.

  3. Code Review — every change undergoes a peer review process by team members, providing an additional layer of quality and security verification.

hashtag
Proprietary Audit Tools

IPOR Labs developes in-house security audit tools powered by the latest AI models. These tools specialize in:

  • Deep business logic analysis of smart contracts (Feynman technique — questioning every line of code, operation ordering, and implicit assumptions)

  • State inconsistency detection — identifying situations where an operation mutates one piece of coupled state without updating dependent components

  • Combined multi-layer analysis — fusing results from different audit techniques in a feedback loop to discover bugs at intersections that no single technique would catch alone

hashtag
External Audit Tool Evaluation

IPOR Labs actively tests and evaluates third-party automated smart contract security audit tools for potential inclusion in the pipeline:

Tool
Status

Wake Arena BETA (Ackee)

Under evaluation

AI Agent (Spearbit/Cantina)

Under evaluation

MixBytes Audit Tools

Under evaluation

Olympix

Under evaluation

TestMachine

Under evaluation

hashtag
Production Instance Auditing

Beyond source code audits, IPOR Labs conducts systematic verification of production instances, covering:

  • Code — verifying deployed code matches previously audited versions

  • Configuration — reviewing vault configuration parameters, role permissions, and module settings

  • Markets — validating market configurations, limits, and risk parameters of active strategies

hashtag
Audits

hashtag
BlocSec

Date: February 28, 2025 (v 1.0)

Covers the currently live contracts

Report (Google Docs PDF):

https://drive.google.com/file/d/1iqhAszOmUNUIuXuuAcwIHjL96de1zME5/view?usp=drive_linkarrow-up-right

Scope

  • Updated IPOR Fusion:

    • Fusion Vault

    • Base Fuses

    • Rewards Manager

    • Access Management

    • Price Oracle Middleware

    • Prehooks

    • Context Manager

    • Withdraw Manager

hashtag
Protofire

Date: September 6, 2024 (v 1.1)

Covers the currently live contracts

Report (Google Docs PDF):

https://drive.google.com/file/d/1UZE7J-pTfHY-XtgZtVYMAOh4tHXTCCN2/viewarrow-up-right

Scope

  • IPOR Fusion:

    • Fusion Vault

    • Base Fuses

    • Rewards Manager

    • Access Management

    • Price Oracle Middleware

PreviousConfiguring Pre-hooksNextOpen-source Repository

Last updated

Was this helpful?