Skip to main content

Audits & Risk Disclosure

Detailed disclosures of protocol risks and user considerations. Firm Money code has been audited several times by Pashov Audit Group, Cyfrin, Shred Security, and several independent auditors. It has also been scanned by Octane Security, an automated testing and security monitoring service.

See a list of audit reports here: https://github.com/firm-money/audit-reports/tree/main

Contract Risk

Underlying Liquity contracts are audited and secure. Firm Money is a fork of Liquity V2 and inherits most of the same risks and security considerations, with several differences documented in the Changes from Liquity V2 page.

Firm Money protocol contracts (and all changes from the Liquity core contracts) have undergone multiple comprehensive security audits:

Security Audits

Firm Money code has been audited by Pashov Audit Group and several independent auditors. The protocol also underwent extensive testing with automated vulnerability testing by Octane Security, with reports available for each pull request on our GitHub repository.

For a complete list of all audit reports, visit our audit-reports repository.

Centralization Risk

Firm Money Governance

Firm Money Protocol is designed to be as limited and decentralized as possible. The only parameters in the protocol which can be updated or changed by governance are:

  1. Debt limits for each collateral type, which can be lowered at any time but only raised by a factor of 2x with a 7 day timelock.
  2. How to direct 25% of protocol revenue.

New collateral types can NOT be added by Firm Money governance. USF can NEVER be minted by governance. The percentage of fees that are directed to the stability pool can NOT be changed by governance.

Status Network

Firm Money is deployed on Status Network, an Ethereum L2. Firm is dependent on the security of Status Network. If there is ever a critical issue with Status Network infrastructure, it could affect the safety of Firm Money.

Collaterals

It is possible that some collateral tokens could be upgraded by respective DAOs or groups in the future. Conservative debt limits and over-collateralization ratios have been chosen to limit risks of this posing any issues.