Audit Reports
Firm Money Protocol has undergone multiple comprehensive security audits to ensure the safety and reliability of the protocol. All audit reports are publicly available in our audit-reports repository.
Security Audits
Audit Report #1
Date: August 23, 2025
Report: Firm Security Review - August 2025
Audit Report #2
Date: September 22, 2025
Report: Firm Security Review - September 2025
Audit Report #3
Date: November 30, 2025
Auditor: Shred Security
Report: Firm Audit - Shred Security November 2025
Audit Report #4 — Cyfrin
Date: March 9, 2026
Auditor: Cyfrin (SBSecurity, Arnie)
Scope: Changes from Liquity V2 base — deployment scripts, price feeds (LINEA, sGUSD, SNT), BorrowerOperations, CollateralRegistry, Constants, TroveManager, AddressesRegistry
Commit: 1a4691226fe5...
Fix Commit: 48dd5791b22a...
Report: Firm Money Cyfrin Audit - March 2026
Summary: 5 Low severity + 3 Informational findings. No Critical, High, or Medium issues.
| ID | Severity | Finding |
|---|---|---|
| L-1 | Low | Deployment script missing new collaterals support |
| L-2 | Low | Debt-limit enforcement inconsistent with stated requirement |
| L-3 | Low | Oracle fallback may choose more stale price |
| L-4 | Low | Empty SP removes entire liquidator incentive |
| L-5 | Low | Insufficient liquidator incentive on non-ETH branches |
| I-1 | Info | Imported constants remain unused |
| I-2 | Info | rETH staleness configuration does not match documentation |
| I-3 | Info | MetadataNFT reuses wrong protocol branding |
Additional Security Reviews
Firm Money's code has been audited several times by Pashov Audit Group and by several independent auditors. The protocol has also been scanned by Octane Security, an automated testing and security monitoring service.
For a complete list of all audit reports, please visit our audit-reports repository.
Other Security Measures
- Octane Security: Automated vulnerability testing with reports available for each pull request on our GitHub repository
Risk Disclosure
For detailed information about protocol risks and user considerations, please see our Risk Disclosure page.