Our team is dedicated to securing the Flat Money codebase. To date, Flat Money has undergone two (2) audits with Sherlock, an incentive-aligned auditing protocol that provided Flat Money with a hybrid audit that combines the benefits of a legacy audit and an audit competition. The end result was hundreds of Sherlock’s Watsons reviewing the Flat Money codebase ahead of our full launch.
April 2024 Sherlock Audit Contest
During the first audit contest we hosted with Sherlock, 256 Watsons participated and uncovered issues that we resolved. Ultimately, we wanted Watsons to review the implemented fixes to ensure that all the discovered vulnerabilities were adequately addressed. Our second audit competition took place from April 9th to April 12th, with 56 Watsons participating. The contest scope included 2,611 source lines of code (nSLOC) in the Flat Money codebase.
Our second Sherlock audit competition showed that our past fixes adequately addressed the vulnerabilities disclosed in the previous audit. This contest resulted in only three (3) medium severity findings, which was an improvement on the previous audit. For more detail on our Sherlock audits, see Sherlock’s Audit Reports.
Over the course of both audits, we had many skilled security researchers review our code and help us improve our security ahead of our full launch.
Sherlock Bug Bounty Coverage
To further improve Flat Money’s security and ensure we continue to have security researchers review our codebase, we’ve purchased $50,000 of Sherlock’s Bug Bounty Coverage to create a continued incentive for whitehats to review and harden Flat Money’s code beyond our full launch.
With Bug Bounty Coverage, Flat Money can be reimbursed by Sherlock for a bug bounty submitted through our Immunefi program that’s classified as a critical severity issue. This coverage will apply to the code audited by Sherlock’s Watsons should any critical severity vulnerabilities be disclosed in the future. This coverage also includes exploit coverage, which would provide Flat Money with a claim payment of up to the $50,000 coverage amount should the protocol suffer a hack due to a vulnerability found in the code Sherlock previously audited. For more information about our coverage, see Sherlock’s FAQ page and the Flat Money Bug Bounty Coverage Agreement.
As Flat Money’s TVL grows, we can scale our coverage accordingly with the Sherlock team.
Immunefi Bug Bounty Program
We’ll be hosting our bug bounty program with Immunefi, the leading web3 bug bounty service. To date, Immunefi has protected over $190B in user funds and prevented $25B worth of damage through responsible disclosures. The Immunefi whitehat community includes tens of thousands of security researchers who can review the Flat Money codebase.
Learn More About Flat Money’s Security
To learn more about Flat Money’s security and the risks associated with the Flat Money protocol, see the Flat Money documentation:
If you have questions, please reach out to us on Discord!