Audits & Security
Audits
Rheo has conducted 10+ external audits to date by several firms, with plans to continuously review code.
| Date | Version | Auditor | Scope/ Description |
|---|---|---|---|
| 2025-06-23 | v1.8 | Omniscia | Incremental audit, fix review |
| 2025-06-23 | v1.8 | Hashlock | Incremental audit, fix review |
| 2025-06-14 | v1.8-rc | Cantina | Incremental audit, user vaults |
| 2025-05-26 | v1.8-rc | Custodia Security | Incremental audit, deploy scripts |
| 2025-02-26 | v1.7 | Cantina | Full codebase |
| 2025-02-12 | v1.6.1 | Custodia Security | Incremental audit, copy trading |
| 2024-12-10 | v1.5.1 | Chain Defenders | Incremental audit, fallback oracle |
| 2024-11-13 | v1.5 | Custodia Security | Incremental audit, cross-market liquidity |
| 2024-06-10 | v1.0 | Code4rena | Full codebase, $200k competition pot |
| 2024-06-08 | v1.0-rc | Spearbit | Full codebase |
| 2024-03-26 | v1.0-beta | Solidified | Full codebase |
Audits for Very Liquid Vaults
| Date | Version | Auditor | Scope/ Description |
|---|---|---|---|
| 2025-09-11 | v0.1.0 | Obsidian | Full codebase |
| 2025-07-26 | v0.0.1 | Open Zeppelin | Full codebase |
Internal Audits and Tests
In addition to security audits, we have conducted several internal reviews and taken various measures to ensure that our coding practices meet the highest standards:
- 93% test coverage (Test-to-Code > 3x)
- Stateful Invariant Tests (Echidna, Medusa, Foundry 38 properties)
- Stateless Fuzz Tests (Foundry)
- Static Analyzers (Slither, Solhint, LightChaserV3)
- Formal Verification (Halmos)
- Auditable protocol upgrades with Foundry scripts
Bug Bounty
A $50k bug bounty is live on Cantina.
This protocol has adopted the SEAL Safe Harbor Agreement for Whitehats, which empowers approved security researchers to intervene during active exploits to rescue funds. Full adoption details, scope, and bounty terms are publicly available here.
Get in Touch
security (at) rheo.xyz