Independent, third-party review, published in full. This page is the permanent home for every audit of the Liquid Liberty Protocol.
The Phase One contracts (the Liberty Vault and its share token) and the off-chain signing service that authorizes every vault operation were audited by SpyWolf. The review combined line-by-line manual analysis with an independent exact-integer reimplementation of the vault’s arithmetic, exercised across several hundred randomized and adversarial sequences.
All eight findings remediated and re-verified. The vault held fully solvent and value-conserving across every simulated sequence, with no path to user-fund loss identified. Those “trust assumptions” are the intentional Phase-One controls described below: a single trusted signer and a narrow set of owner-tunable parameters during the hardening period, none of which can freeze, seize, or redirect user collateral.
Download the Full Report (PDF)Report dated July 2, 2026. Source referenced by commit hash: audited at tag v0.1.0-audit, remediated at v0.1.1-audit-patched.
| ID | Finding | Severity | Status |
|---|---|---|---|
| F-01 | Full-redemption price reset and orphaned collateral at supply zero | Medium | Fixed |
| F-02 | Signature auth gate bypassable through the public proxy | Medium | Fixed |
| F-03 | Production signer could fall back to a public development key | Low | Fixed |
| F-04 | Non-standard underlying could break collateral accounting | Low | Fixed |
| F-05 | EVM version not pinned for the deployment target | Low | Fixed |
| F-06 | Reentrancy guard absent on owner/treasury paths | Informational | Fixed |
| F-07 | Signer handlers did not bound amount; error messages echoed | Informational | Fixed |
| F-08 | Renounce did not override inherited ownership functions | Informational | Fixed |
The Phase One vault ships with no pause, no emergency withdrawal, and no admin rescue path on user-fund custody, a deliberate choice that trades operational flexibility for a smaller attack surface. We cannot freeze, seize, or redirect user funds. Every mint and redemption is bound on-chain to the address that submits it, so the blast radius of any key compromise is commercial, never theft of user funds. As later, more complex components ship, each will receive its own independent audit, published here.