Audit Reports
This page tracks all security audits conducted on the Noderr Protocol.
Audit Status
| Phase | Status | Auditor | Date |
|---|---|---|---|
| Testnet | Internal Review | Noderr Team | December 2025 |
| Pre-Mainnet | Scheduled | TBD | H2 2026 |
| Post-Launch | Planned | TBD | Post Q2 2027 |
Testnet Audit (Current)
Scope
- ERC-7540 Vault Contracts
- Governance Contracts
- Oracle Integration
- Node Client Software
Findings Summary
| Severity | Count | Status |
|---|---|---|
| Critical | 0 | N/A |
| High | 0 | N/A |
| Medium | 2 | Resolved |
| Low | 5 | Resolved |
| Informational | 8 | Acknowledged |
Key Findings
Medium Severity:
M-01: Missing Input Validation in Deposit
- Location:
ERC7540VaultBase.sol - Status: ✅ Resolved
- Fix: Added minimum deposit check
- Location:
M-02: Potential Reentrancy in Claim
- Location:
ERC7540VaultBase.sol - Status: ✅ Resolved
- Fix: Added
nonReentrantmodifier
- Location:
Low Severity:
- L-01: Missing Event Emissions - ✅ Resolved
- L-02: Inconsistent Error Messages - ✅ Resolved
- L-03: Unused State Variables - ✅ Resolved
- L-04: Missing Zero Address Checks - ✅ Resolved
- L-05: Floating Pragma - ✅ Resolved
Pre-Mainnet Audit (Planned)
Scope
Full protocol audit including:
- All smart contracts
- Node client software
- API security
- Infrastructure
Timeline
- H1 2026: Auditor selection and RFP
- H2 2026: Audit execution and remediation
- Q1–Q2 2027: Mainnet launch
Candidate Auditors
- Trail of Bits
- OpenZeppelin
- Consensys Diligence
- Spearbit
Bug Bounty Program
Launching with Mainnet
| Severity | Reward Range |
|---|---|
| Critical | $50,000 - $100,000 |
| High | $10,000 - $50,000 |
| Medium | $2,500 - $10,000 |
| Low | $500 - $2,500 |
Scope
- Smart contracts on Base mainnet
- Node client software
- API endpoints
- Frontend security
Out of Scope
- Testnet contracts
- Third-party integrations
- Social engineering
- DoS attacks
Reporting Security Issues
Email: security@noderr.xyz
PGP Key: Available on request
Please include:
- Detailed description
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Last Updated: December 2025