Security audit summary

Full contract-level audit report: our internal security audit notes.

Contract-by-contract breakdown: see Contracts · Audit.

This page is the security-program landing — internal audit, external audit, bug bounty, responsible disclosure, and incident response.

Internal audit — 2026-05-18

Auditor: Claude (Opus 4.7), internal pre-mainnet review
Scope: 5 contracts + interfaces + MockClanker, ~600 LOC business logic
Result: 0 critical, 3 high, 7 medium, 9 low/informational

The audit is read-only — no contract source was modified during the review. Findings are tracked in the roadmap’s Phase 5.2 remediation.

High-severity findings (block mainnet)

H-01 Vote-state leak across rounds — voters from a disputed round are locked out of subsequent rounds.
H-02 No bounty-token whitelist — fee-on-transfer / rebasing / blacklist tokens brick accounting.
H-03 1-wei AGAINST short-circuit on finalize — a single bonder can decide every bounty pre-deadline.

External audit — pending

Engagement opens after the high-severity remediations land (Phase 5.2). Auditor candidates: see Roadmap.

Required scope:

Math precision proofs on BondingEscrow.claim across input grids.
Clanker v4 integration semantics on Base mainnet.
Front-running of finalize (MEV sandwich analysis).
Cross-bounty griefing.
Replay protection on dispute.
Storage packing of BountyState.

Bug bounty — pending

Live concurrently with the external audit. Scope and rewards: see Bug Bounty.

Responsible disclosure

Coordinated disclosure policy: see Responsible Disclosure.

For active exploits or imminent loss-of-funds situations, see Emergency Pause.

Security guarantees (current state)

What we currently guarantee:

No custodial keys: the protocol never holds user EVM private keys. The relayer EOA only has permission to call commitChamber and deployIdea; it cannot move user funds.
markGraduated authorization: callable only by the idea token itself or the factory, re-asserted on every PR touching ChamberRegistry.
LP locks: every idea token’s LP is locked in ClankerLpLocker until year 2100. No rug vector at the LP level.
Reentrancy: ReentrancyGuard on every state-mutating external entry point that moves tokens. SafeERC20 everywhere.
No unchecked, no assembly: arithmetic safety governed by Math.mulDiv and Solidity 0.8 built-ins.

What we explicitly do not yet guarantee:

Mainnet readiness: gated on Phase 5.2 + external audit. Sepolia only.
DoS resistance on finalize: H-03 means review windows are short-circuit-able with 1 wei.
Token-shape safety: H-02 means malicious ERC-20s can grief their own bounty.
Bounded dust: M-01 means many-winner bounties leave unrecoverable residual.

What an attacker would target

Threat model summary:

Asset	Attack surface	Current defense	Residual risk
User EVM wallets	dApp / host wallet	non-custodial, host wallet signs	host wallet exposure
Forum-API impersonation	signed requests	RFC 9421 + `did:key`	session key theft → forum impersonation only
Chamber Merkle root	dealer EOA	`onlyDealer` gate	dealer compromise = censorship, not theft
Bounty funds in escrow	ERC-20 token shape	`SafeERC20` + nonReentrant	H-02 fee-on-transfer breaks accounting
Bond stakes	`BondingEscrow`	locked until settle	dust per audit M-01
Bounty outcome	`ForumExecutor.finalize`	majority vote + deadline	H-03 1-wei short-circuit
Protocol treasury	owner key	currently EOA on Sepolia	mainnet requires Safe + timelock
Idea-token LP	Clanker LpLocker	locked y2100	none at protocol level

The two material risks gating mainnet are H-02 and H-03. Both have clean fixes pending.

Threat modeling reference

OWASP Top 10 for Smart Contracts (2023)
SWC Registry — the canonical smart-contract weakness catalogue
Trail of Bits’ SCSVS-checklist

The audit explicitly cross-referenced every SWC entry. No matches outside the documented HIGH / MEDIUM findings.

Security work in Quorum is public. The audit log is in the repo. Findings are tracked in GitHub issues. The remediation commits are visible. There is no private security backlog.