Overview
Security audits are a critical component of Tori’s security infrastructure. All smart contracts undergo rigorous review by leading security firms before deployment.
Primary Audit Partner
Sherlock
Leading smart contract security platform protecting over $50 billion in assets across Web3 protocols.
- Comprehensive audit methodology
- Team of experienced security researchers
- Ongoing coverage through bug bounty program
- Proven track record with major DeFi protocols
Audit Scope
Our audits cover all critical protocol components:
| Component | Description | Status |
|---|---|---|
| Core Protocol | Main protocol contracts and logic | Audited |
| trUSD Token | ERC-20 token contract | Audited |
| strUSD Staking | Staking and unstaking contracts | Audited |
| Access Control | Administrative functions and permissions | Audited |
| Oracle Integration | Price feed integrations | Audited |
Audit Reports
Audit reports are published upon completion. Check back for updates as new audits are completed.
Available Reports
| Audit | Scope | Date | Status |
|---|---|---|---|
| Coming soon | Initial protocol audit | TBD | In Progress |
Bug Bounty Program
In addition to formal audits, we maintain an active bug bounty program through Sherlock.
How It Works
1. Discover: Security researchers identify potential vulnerabilities in our smart contracts.
2. Report: Submit findings through our responsible disclosure process.
3. Verify: Our team and Sherlock verify the validity and severity of the finding.
4. Reward: Valid findings receive rewards based on severity.
Severity Levels
| Severity | Description | Typical Reward |
|---|---|---|
| Critical | Direct loss of user funds | Highest |
| High | Significant impact on protocol | High |
| Medium | Limited impact, specific conditions | Medium |
| Low | Minor issues, best practices | Lower |
Scope
The bug bounty covers:
- All deployed smart contracts
- Integration vulnerabilities
- Economic attack vectors
- Access control issues
Out of scope:
- Already known issues
- Third-party protocols
- Frontend/UI issues (separate program)
- Theoretical attacks without PoC
Reporting Vulnerabilities
Email: security@tori.finance
What to Include
A good vulnerability report includes:
- Clear description of the issue
- Step-by-step reproduction instructions
- Proof of concept (if applicable)
- Potential impact assessment
- Suggested remediation (optional)
Response Timeline
| Phase | Timeline |
|---|---|
| Acknowledgment | Within 24 hours |
| Initial Assessment | Within 72 hours |
| Remediation Plan | Within 1 week |
| Fix Deployment | Varies by severity |
| Public Disclosure | After fix is live |
Ongoing Security
Security is not a one-time event. We maintain continuous security through:
Re-Audits
| Trigger | Action |
|---|---|
| Major Updates | Full re-audit of changed components |
| New Features | Audit of new functionality |
| Periodic Review | Regular security assessments |
Continuous Monitoring
Hypernative provides 24/7 monitoring of all protocol activity:
- Anomaly detection
- Threat identification
- Automated alerting
- Risk scoring
Security Updates
We commit to:
- Prompt patching of identified issues
- Transparent communication about security events
- Regular security status updates
Limitations
Verification
You can verify our security measures:
| What to Check | How to Verify |
|---|---|
| Audit Reports | Download and review full reports |
| Contract Code | Verified on block explorers |
| Bug Bounty Status | Check Sherlock platform |
| Monitoring Status | Hypernative dashboard |