Audit Preparation Checklist

This document outlines the preparation required for the pre-mainnet security audit.

Documentation Requirements

Smart Contracts

  • [x] Contract architecture diagram
  • [x] Function-level documentation (NatSpec)
  • [x] Access control matrix
  • [x] Upgrade procedures
  • [x] Emergency procedures

Protocol Design

  • [x] ERC-7540 implementation specification
  • [x] Validator selection mechanism
  • [x] TrustFingerprint algorithm
  • [x] Fee structure documentation

Deployment

  • [x] Deployment scripts
  • [x] Contract addresses (testnet)
  • [ ] Contract addresses (mainnet) - TBD
  • [x] Verification procedures

Code Quality

Testing

  • [x] Unit tests (24/24 passing)
  • [x] Integration tests
  • [ ] Fuzzing tests (in progress)
  • [ ] Formal verification (planned)

Coverage

Contract                      Line Coverage   Branch Coverage
ERC7540VaultBase              95%             90%
ValidatorFulfillmentManager   85%             80%
GovernorNoderr                90%             85%

Static Analysis

  • [x] Slither analysis
  • [x] Mythril scan
  • [ ] Certora prover (planned)

Known Issues

Document all known issues and accepted risks:

Issue                        Severity   Status     Rationale
Single admin key (testnet)   Medium     Accepted   Multi-sig for mainnet
No formal verification       Low        Planned    Scheduled for H2 2026 (pre-mainnet)

Scope Definition

In Scope

contracts/
├── contracts/
│   ├── core/
│   │   ├── ValidatorFulfillmentManager.sol
│   │   └── GuardianWorkloadManagerV2.sol
│   ├── governance/
│   │   ├── GovernorNoderr.sol
│   │   └── TimelockController.sol
│   ├── tokens/
│   │   └── NODRToken.sol
│   └── vaults/
│       ├── base/
│       │   └── ERC7540VaultBase.sol
│       ├── ConservativeVault7540.sol
│       ├── ModerateVault7540.sol
│       ├── AggressiveVault7540.sol
│       ├── InverseVault7540.sol
│       ├── HedgedVault7540.sol
│       └── ConfigurableVault7540.sol

Out of Scope

  • Node client software (separate audit)
  • Frontend code
  • Third-party dependencies (audited separately)
  • Test contracts

Auditor Requirements

Expertise Required

  • ERC-4626/ERC-7540 tokenized vaults
  • OpenZeppelin upgradeable contracts
  • Chainlink VRF integration
  • DeFi protocol security

Deliverables Expected

  1. Full audit report
  2. Severity classifications
  3. Remediation recommendations
  4. Re-audit of fixes
  5. Final sign-off

Timeline

Phase           Duration   Description
Preparation     2 weeks    Documentation, code freeze
Initial Audit   4 weeks    Full code review
Remediation     2 weeks    Fix identified issues
Re-audit        1 week     Verify fixes
Final Report    1 week     Documentation

Budget Estimate

Item                  Estimate
Initial Audit         $80,000 - $150,000
Re-audit              $15,000 - $30,000
Formal Verification   $50,000 - $100,000
Total                 $145,000 - $280,000

Contact Information

Technical Lead: dev@noderr.xyz
Security Lead: security@noderr.xyz


Last Updated: December 2025
