# Security audits ## Eywa DAO Security Audit Report by MixBytes **1. Project architecture review:** * Build an independent view of the project's architecture. * Identifying logical flaws. **2. Checking the code in accordance with the vulnerabilities checklist:** Eliminate typical vulnerabilities (e.g. reentrancy, gas limit, flash loan attacks etc.). **3. Checking the code for compliance with the desired security model:** Detect inconsistencies with the desired model. **4. Consolidation of the auditors' interim reports into one:** * Double-check all the found issues to make sure they are relevant and the determined threat level is correct. * Provide the Client with an interim report. **5. Bug fixing & re-audit:** * Verify the fixed code version with all the recommendations and its statuses. * Provide the Client with a re-audited report. **6. Final code verification and issuance of a public audit report:** * Conduct the final check of the code deployed on the mainnet. * Provide the Customer with a public audit report. {% file src="/files/liu7vplA9DbToV5KoJpx" %} ### EYWA CLP security audit by MixBytes A group of auditors are involved in the work on the audit. Security engineers check the provided source code independently of each other in accordance with the methodology described below: **1. Project architecture review:** * Build an independent view of the project's architecture. * Identifying logical flaws. **2. Checking the code in accordance with the vulnerabilities checklist:**\ Eliminate typical vulnerabilities (e.g. reentrancy, gas limit, flash loan attacks etc.). **3. Checking the code for compliance with the desired security model:** Detect inconsistencies with the desired model. **4. Consolidation of the auditors' interim reports into one:** * Double-check all the found issues to make sure they are relevant and the determined threat level is correct. * Provide the Client with an interim report. **5. Bug fixing & re-audit:** * Verify the fixed code version with all the recommendations and its statuses. * Provide the Client with a re-audited report. **6. Final code verification and issuance of a public audit report:** * Conduct the final check of the code deployed on the mainnet. * Provide the Customer with a public audit report. {% file src="/files/2iM5OEys2c23HzFEVLGP" %} 🔗 [**Link**](https://github.com/mixbytes/audits_public/tree/master/EYWA/CLP) to MixBytes EYWA reports. ### EYWA CDP security audit by Smartstate The core architectural element of the EYWA ecosystem is the **EYWA Cross-chain Data Protocol**, which is a transport layer between blockchains. All EYWA products for DeFi users are based on this protocol. Although at the time of this audit the core of EYWA multisig is represented by a trusted group of projects, EYWA aims for DAO, as reflected in EYWA project current documentation. **CDP Smart Contracts:** These smart contracts serve as a means for sending and accepting cross-chain calls. They also include a node registration contract used in the Proof of Authority (POA) consensus among oracle nodes. **Smart State evaluation:** 8/10 {% file src="/files/9OnsyGRS3i0UIAGbcRD2" %} CDP report from SmartState {% endfile %} ### EYWA CLP security audit by Smartstate **EYWA Cross-chain Liquidity Protocol** ensures the operation of EYWA DEX v1 **CLP smart contracts** - are smart contracts for processing synth and burn operations, as well as mint and lock tokens. They are also responsible for swap processing and liquidity handling operations. **Smart State evaluation:** 10/10 {% file src="/files/BbsByQsGfZyaPMrazto7" %} CLP report from SmartState {% endfile %} 🔗 [**Link**](https://smartstate.tech/clients/eywa.html) to SmartState EYWA reports. ### Security audits by Hexens The Hexens team [**audited various components**](https://hexens.io/audits#eywa) of EYWA, such as the BLS cryptography module in EYWA CDP as well as EYWA NFT. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.eywa.fi/eywa-ecosystem/security-audits.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.