Audits and Security
Review Nexus Mutual's audits, bug bounties, and initiatives to strengthen our protocol's security.
Audits
Below is a list of audits conducted on Nexus Mutual's smart contracts, ordered from newest to oldest. You can also review Nexus Mutual's GitHub, where these reports are hosted.
iosiro audit | March 2025
iosiro was commissioned by Nexus Mutual to conduct an audit on the Cover Edit, Limit Orders and Staking Pool contracts.
iosiro audit | January 2025
iosiro was commissioned by Nexus Mutual to conduct an audit on the Product Pricing Changes contract.
iosiro audit | November 2024
iosiro was commissioned by Nexus Mutual to conduct an audit on the USD Price Feed Oracle.
iosiro audit | September 2024
iosiro was commissioned by Nexus Mutual to conduct an audit on the Long Term Limit Order contract.
iosiro audit | August 2024
iosiro was commissioned by Nexus Mutual to conduct an audit on the Staking Pool Fixes and NXM Batch Withdrawal Changes.
iosiro audit | July 2024
iosiro was commissioned by Nexus Mutual to conduct an audit on the CoverProducts Refactor and Total Active Cover Fix code.
iosiro audit | March 2024
iosiro was commissioned by Nexus Mutual to conduct an audit on the Swap Operator contract.
iosiro audit | January 2024
iosiro was commissioned by Nexus Mutual to conduct an audit on the Safe Tracker, a new contract in the system that follows the ERC-20 standard. The balance of the Safe and the total supply are calculated as the total value of the assets in terms of ETH. The Safe Tracker is used to track the price of assets managed by a Safe multisig controlled by the Advisory Board. This Safe was used to manage the Mutual's Aave v3 loan, which has since been repaid.
iosiro audit | October 2023
iosiro was commissioned by Nexus Mutual to conduct an audit on the Ratcheting AMM (RAMM) contracts.
Chaos Labs economic audit | October 2023
Chaos Labs was commissioned by the Foundation to conduct an economic audit of the Ratcheting AMM (RAMM) design and mechanism. The initial announcement was made on the Nexus Mutual governance forum.
iosiro audits | November - December 2022, February - March 2023
iosiro was commissioned by Nexus Mutual to conduct an audit on all contracts under the contracts/modules folder.
iosiro audits | May 2021 & June 2021
iosiro was commissioned by Nexus Mutual to conduct a smart contract audit on:
- The stacked risk, onchain MCR, and swap operator contracts
- The distributor smart contract
- The emergency response smart contract
G0 Group audits | June 2020, November 2020, & March 2021
The G0 Group was commissioned by Nexus Mutual to conduct a smart contract audit on:
Solidified audit | April 2019
Solidified was commissioned by Nexus Mutual to conduct a smart contract audit on the smart contracts and associated components.
Security
Nexus Mutual works to ensure the smart contract system is safe and secure. Regular audits are an important part of maintaining the security of the smart contract system, but there are other approaches the Mutual takes to keep the protocol secure.
Bug bounty program
Nexus Mutual works with Immunefi to manage a bug bounty program. On Immunefi, hackers secure DeFi contracts, save funds from theft, and get paid for responsibly disclosing vulnerabilities. We are able to secure the Nexus Mutual protocol through this program with Immunefi.
Through this program, whitehat hackers are incentivized to disclose vulnerabilities in the Mutual's smart contract system in exchange for payouts commensurate with the level of severity.
Smart Contracts and Blockchain
- Critical | Up to $50,000 USD
- High | Up to $25,000 USD
- Medium | Up to $10,000 USD
- Low | Up to $2,000 USD
Note: Bounties are listed in USD but paid out in stablecoins.
Check out the bug bounty program on Immunefi for more details.