Security audits are essential for DeFi protocols. This page details TED Protocol’s audit status and security practices.

Audit Status

Scheduled Audits

Primary audits covering core contracts and bridge integrations are scheduled for Q1 2025. Auditor details will be announced when finalized.

Continuous Security

  • Automated scanning runs continuously through internal tools
  • Dependency monitoring via Dependabot
  • Static analysis using Slither

Audit Scope

Core Contracts

Component | Description
DiamondProxy | Entry point
FXSwapFacet | Swap routing logic
DEX Adapters | Curve Finance, Uniswap V3/V4, PancakeSwap, and DragonSwap integration
Bridge Facets | Circle CCTP, LayerZero OFT, Wormhole
AdminFacet | Governance functions

Token Contracts

Contract | Audit Type
TEDP Token (ERC-20 + OFT) | Full audit
LayerZero V2 OFT Adapter | Integration audit

Security Practices

Development Process

  • All code changes reviewed by multiple developers
  • Unit, integration, and fuzz testing required for every change
  • Automated vulnerability scanning on all commits
  • Extended testnet deployment before mainnet releases

Test Coverage Targets

Test Type | Target
Unit tests | 95%+
Integration tests | 80%+
Fuzz tests | All critical paths
Invariant tests | Core accounting logic

All testing is in progress.

Security Patterns

Pattern | Implementation
Reentrancy protection | Mutex locks during execution
Access control | Role-based
Pausability | For emergency response

All patterns follow OpenZeppelin’s well-established implementations.

Bug Bounty Program

TED Protocol operates a bug bounty program to incentivize responsible disclosure.

Rewards

Severity | Reward | Examples
Critical | Up to $100,000 | Direct loss of funds, protocol insolvency
High | Up to $25,000 | Significant loss potential, major functionality broken
Medium | Up to $5,000 | Limited loss, moderate impact
Low | Up to $1,000 | Minor issues, best practice violations

Scope

In scope:
  • Smart contracts on all supported chains
  • Bridge integrations
  • TEDP token contracts
  • Cross-chain messaging logic
Out of scope:
  • Frontend/UI issues
  • Third-party services
  • Previously reported issues
  • Social engineering attacks

Reporting

Submit security vulnerabilities to security@tedprotocol.io. Include:
  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Suggested fix (if applicable)
Response times:
Stage | Time
Initial acknowledgment | Within 24 hours
Severity assessment | Within 48 hours
Resolution | Based on severity

Third-Party Dependencies

TED Protocol relies on well-audited dependencies.
Dependency | Audits | TVL/Security
OpenZeppelin | Industry standard | -
Curve Finance | Trail of Bits, Quantstamp | $2B+
Uniswap V3 | Trail of Bits | $3B+
LayerZero V2 | Zellic, Quantstamp | $10B+
Wormhole | Multiple audits post-2022 | $3B+
Circle CCTP | Institutional-grade | $25B+

Dependency Management

  • Locked versions in package files
  • Automated vulnerability alerts
  • Regular dependency updates
  • No unaudited external calls

Emergency Procedures

Incident Response Timeline

Stage | Time | Description
Detection | Immediately | Automated monitoring alerts
Assessment | Within 1 hour | Security team evaluation
Response | Within 2 hours | Pause affected components
Communication | Within 4 hours | User notification
Resolution | Based on severity | Deploy as needed

Emergency Controls

Action | Required Signatures | Purpose
Pause | 2-of-5 | Suspected exploit
Unpause | 3-of-5 | Issue resolved
Emergency upgrade | 4-of-5 | Critical fix

Transparency

Open Source

All TED Protocol smart contracts are open source and verified on block explorers.

Upgrade History

All contract upgrades are documented with:
  • Upgrade rationale
  • Code changes
  • Audit status
  • Timelock period