# Security audits ## Eywa DAO Security Audit Report by MixBytes **1. Project architecture review:** * Build an independent view of the project's architecture. * Identifying logical flaws. **2. Checking the code in accordance with the vulnerabilities checklist:** Eliminate typical vulnerabilities (e.g. reentrancy, gas limit, flash loan attacks etc.). **3. Checking the code for compliance with the desired security model:** Detect inconsistencies with the desired model. **4. Consolidation of the auditors' interim reports into one:** * Double-check all the found issues to make sure they are relevant and the determined threat level is correct. * Provide the Client with an interim report. **5. Bug fixing & re-audit:** * Verify the fixed code version with all the recommendations and its statuses. * Provide the Client with a re-audited report. **6. Final code verification and issuance of a public audit report:** * Conduct the final check of the code deployed on the mainnet. * Provide the Customer with a public audit report. {% file src="" %} ### EYWA CLP security audit by MixBytes A group of auditors are involved in the work on the audit. Security engineers check the provided source code independently of each other in accordance with the methodology described below: **1. Project architecture review:** * Build an independent view of the project's architecture. * Identifying logical flaws. **2. Checking the code in accordance with the vulnerabilities checklist:**\ Eliminate typical vulnerabilities (e.g. reentrancy, gas limit, flash loan attacks etc.). **3. Checking the code for compliance with the desired security model:** Detect inconsistencies with the desired model. **4. Consolidation of the auditors' interim reports into one:** * Double-check all the found issues to make sure they are relevant and the determined threat level is correct. * Provide the Client with an interim report. **5. Bug fixing & re-audit:** * Verify the fixed code version with all the recommendations and its statuses. * Provide the Client with a re-audited report. **6. Final code verification and issuance of a public audit report:** * Conduct the final check of the code deployed on the mainnet. * Provide the Customer with a public audit report. {% file src="" %} 🔗 [**Link**](https://github.com/mixbytes/audits_public/tree/master/EYWA/CLP) to MixBytes EYWA reports. ### EYWA CDP security audit by Smartstate The core architectural element of the EYWA ecosystem is the **EYWA Cross-chain Data Protocol**, which is a transport layer between blockchains. All EYWA products for DeFi users are based on this protocol. Although at the time of this audit the core of EYWA multisig is represented by a trusted group of projects, EYWA aims for DAO, as reflected in EYWA project current documentation. **CDP Smart Contracts:** These smart contracts serve as a means for sending and accepting cross-chain calls. They also include a node registration contract used in the Proof of Authority (POA) consensus among oracle nodes. **Smart State evaluation:** 8/10 {% file src="" %} CDP report from SmartState {% endfile %} ### EYWA CLP security audit by Smartstate **EYWA Cross-chain Liquidity Protocol** ensures the operation of EYWA DEX v1 **CLP smart contracts** - are smart contracts for processing synth and burn operations, as well as mint and lock tokens. They are also responsible for swap processing and liquidity handling operations. **Smart State evaluation:** 10/10 {% file src="" %} CLP report from SmartState {% endfile %} 🔗 [**Link**](https://smartstate.tech/clients/eywa.html) to SmartState EYWA reports. ### Security audits by Hexens The Hexens team [**audited various components**](https://hexens.io/audits#eywa) of EYWA, such as the BLS cryptography module in EYWA CDP as well as EYWA NFT.