# OVERALL AUDITS

## 🛡️ Full Audit Overview

> **Every Durian contract deployed to mainnet has been through at least one full security review round.** This page consolidates every finding across every product, with patch status and mainnet verification.

### At-a-Glance

| Product                       | Version  | Review Rounds | Critical (ALL FIXED) | High (ALL FIXED) | Medium | Low | Info |    All Fixed?    | Kubscan Verified? | Production Ready? |
| ----------------------------- | -------- | :-----------: | :------------------: | :--------------: | :----: | :-: | :--: | :--------------: | :---------------: | :---------------: |
| **AMM — Durianfun**           | V4.5     |   6 (R1–R6)   |           0          |         0        |    5   |  2  |   3  |         ✅        |         ✅         |         ✅         |
| **CLOB — Durianfun**          | V2.5     |   6 (R1–R6)   |           3          |         1        |    2   |  1  |   —  |         ✅        |         ✅         |         ✅         |
| **Social — DurianSocial**     | V1.2     |       4       |           0          |         0        |    1   |  —  |   —  |         ✅        |         ✅         |         ✅         |
| **OTC — DurianMoneyTransfer** | V1.2     |       2       |           1          |         1        |    2   |  —  |   —  |         ✅        |         ✅         |         ✅         |
| **Durian Wallet UI**          | In build |       —       |           —          |         —        |    —   |  —  |   —  | n/a (no custody) |        n/a        |         🚧        |

**Composite AMM Score: 9.85 / 10**

**All ecosystem products with shipped contracts are MAINNET-READY as of April 2026.**

### External (Third-Party) Audits

**None to date.**

All audit rounds have been conducted **internally** by the Durian engineering team using:

* Manual line-by-line review
* Mathematical proof of curve / accounting invariants
* Fuzz testing (property-based, Echidna-style)
* Invariant testing
* Explicit attack simulation (10+ scenarios for AMM, 7 for CLOB)
* Bytecode verification via Kubscan source verification

External audits (OpenZeppelin, Trail of Bits, Certora) are under evaluation for future major releases. The ecosystem is designed to **make external auditing easy**: immutable contracts, no proxies, public verified source, deterministic CREATE2 deployments.

***

### Product 1: AMM — Durianfun V4.5

📄 Full AMM Audit Page

**Scope:**

* `DuriandotfunFactoryV45.sol` · `BondingCurveMarketV45.sol` · `DurianAMMV45.sol` · `DurianToken.sol` · `ExpMath.sol`

**Medium Findings — All Fixed:**

|   ID  | Title                          | Resolution                                                                   |
| :---: | ------------------------------ | ---------------------------------------------------------------------------- |
|  M-1  | Creator DOS at graduation      | 30k gas-capped `.call()` + treasury fallback + `CreatorRewardFallback` event |
|  M-2  | Fee cap too loose (was 10%)    | Hard-capped at **2%** (`MAX_FEE_PPM = 20,000`) — bytecode-enforced           |
|  M-3  | Rescue without transparency    | `StuckTokensRescued` event + zero-address check                              |
| MED-1 | Treasury gas griefing          | All `_sendKub` capped at **50,000 gas**                                      |
| MED-2 | Creator gas griefing on trades | Same 50k gas cap covers creator transfers                                    |

**Formal Invariants Proven (10):** AMM K growth, KUB conservation, immutable supply, one-way graduation, immutable creator address, hardcoded AMM fee (0.40%), hardcoded factory-fee cap (2%), no LP withdrawal, price > 0 always, virtual-K preservation.

**Attack Simulations Passed:** 10 (whale dumps, graduation races, flash-loan attempts, overflow scenarios, creator DOS, etc.)

***

### Product 2: CLOB — Durianfun V2.5

📄 Full CLOB Audit Page

**Scope:**

* `CLOBFactory.sol` · `CLOBPair.sol` · `DurianSpotWallet.sol` · `InsuranceReserve.sol` · `AmmFeeRouterV2.sol`

**Critical Findings — All Fixed:**

|  ID  | Title                                | Resolution                                                                                           |
| :--: | ------------------------------------ | ---------------------------------------------------------------------------------------------------- |
| C-01 | `initialize()` front-run window      | `require(msg.sender == _factory)` + atomic clone+init in same tx                                     |
| C-02 | Maker fee > effective rebate DOS     | Invariant guard: `makerPpm × 10000 ≤ takerPpm × rebateBps` — **V2.5 redeploy specifically for this** |
| C-03 | `nextOrderId = 0` sentinel collision | `nextOrderId = 1;` in initialize                                                                     |

**High Finding — Fixed:**

|  ID  | Title                                           | Resolution                                                               |
| :--: | ----------------------------------------------- | ------------------------------------------------------------------------ |
| H-01 | `transferInternal()` NatSpec regulatory framing | Comment rewritten to neutral. Zero behavior/bytecode change to function. |

**Medium Findings — All Fixed:**

|  ID  | Title                                  | Resolution                                       |
| :--: | -------------------------------------- | ------------------------------------------------ |
| M-01 | Tick-hop gas-bomb                      | `MAX_TICK_HOPS = 64` constant                    |
| M-02 | `quoteMarketBuy()` silent-lie sentinel | Replaced garbage return with explicit `revert()` |

**Low Finding — Fixed:**

|  ID  | Title                               | Resolution                                                |
| :--: | ----------------------------------- | --------------------------------------------------------- |
| L-01 | Buy-maker rounding residue stranded | Per-order `baseLocked` tracking + atomic remainder unlock |

**Production Hardening Shipped (8 items):** msg.value guards, tick traversal caps, per-order locked tracking, O(1) cancel, market-order API split, `MIN_TRADE_NOTIONAL`, decimals upper-bound, indexer event reliability.

***

### Product 3: Social — DurianSocial V1.2

📄 See Chat · OTC & Requests

**Scope:**

* `DurianSocial_V1_2.sol` (chat + payment requests + direct payments)

**Medium Finding — Fixed:**

|  ID | Title                                                                                                                                                              | Resolution                                                       |
| :-: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------- |
|  M3 | `fulfillPayRequest` and `sendPayment` trusted `transferFrom` return value without verifying balance delta — malicious/FoT tokens could emit phantom-success events | Balance-delta guard on recipient: revert if `received < claimed` |

***

### Product 4: OTC Escrow — DurianMoneyTransfer V1.2

📄 OTC & Requests

**Scope:**

* `DurianMoneyTransfer_V1_2.sol` (peer-to-peer escrow with atomic settlement)

**Critical Finding — Fixed:**

|  ID | Title                                                                                            | Resolution                                                           |
| :-: | ------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------- |
|  C1 | Atomicity break via malicious ERC-20 (returns `true` from `transferFrom` without moving balance) | Balance-delta guard in `_pullToken()` — revert if received < claimed |

**High Finding — Fixed:**

|  ID | Title                                                                                      | Resolution                                                   |
| :-: | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------ |
|  H1 | FoT tokens trap escrow forever (stored `claimed`; payout reverts because actual < claimed) | Same balance-delta guard rejects FoT at pull time, not later |
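
The balance-delta guard behind Social M3 and OTC C1/H1, as an added illustration rather than the DurianSocial or DurianMoneyTransfer source; the contract name, error names and the `PhantomToken` mock are assumed, only `_pullToken()` is the name the findings cite:

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.20;

// Minimal ERC-20 surface the guard needs (standard interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// @dev Illustrative escrow pull with a balance-delta guard. Contract and
///      error names are hypothetical; this is not the project's source.
contract BalanceDeltaPull {
    error NotAContract(address token);
    error TransferReturnedFalse();
    error ReceivedLessThanClaimed(uint256 received, uint256 claimed);

    /// Pulls `claimed` tokens from `from` into this contract and checks that
    /// the contract's balance really grew by at least `claimed`. A token that
    /// returns true without moving funds, or a fee-on-transfer token that
    /// delivers less, reverts here instead of storing a `claimed` amount that
    /// can never be paid out later.
    function _pullToken(IERC20 token, address from, uint256 claimed)
        internal
        returns (uint256 received)
    {
        // A call to an address without code "succeeds" with empty data, so
        // reject it up front rather than trusting the empty return.
        if (address(token).code.length == 0) revert NotAContract(address(token));
        uint256 before = token.balanceOf(address(this));
        // Low-level call so tokens that return no bool (USDT-style) still work;
        // an explicit `false` or a reverting call is rejected.
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeCall(IERC20.transferFrom, (from, address(this), claimed))
        );
        if (!ok || (data.length != 0 && !abi.decode(data, (bool)))) revert TransferReturnedFalse();
        received = token.balanceOf(address(this)) - before;
        if (received < claimed) revert ReceivedLessThanClaimed(received, claimed);
    }
}

/// @dev Constructed malicious token for illustration only: reports success but
///      never moves a balance. Against it `_pullToken` reverts with
///      ReceivedLessThanClaimed(0, claimed) instead of emitting a phantom success.
contract PhantomToken is IERC20 {
    function balanceOf(address) external pure returns (uint256) { return 0; }
    function transferFrom(address, address, uint256) external pure returns (bool) { return true; }
}
```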

**Medium Findings — All Fixed:**

|  ID | Title                                                                                      | Resolution                                                                                                               |
| :-: | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ |
|  M1 | Native-reject deadlock (proposer as contract-wallet rejecting `.call{value}` locks escrow) | Pull-pattern fallback: failed sends queued in `pendingWithdrawals`, claimed via `claimPending()`. State always advances. |
|  M2 | Fee governance desync (owner fee change retroactively shifts in-flight offers)             | Snapshot `halfFeePpmAtCreate` into escrow struct at create time                                                          |
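
An added illustration of the M1 pull-pattern fallback, combined with the 50,000-gas send cap described in the AMM findings (MED-1). It is not the project's code: `pendingWithdrawals` and `claimPending()` are the names the finding cites, while `SEND_GAS_CAP`, `_sendOrQueue`, `settle` and the events are assumed:

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.20;

/// @dev Illustrative gas-capped native send with a pull-pattern fallback.
///      Names other than `pendingWithdrawals`/`claimPending` are hypothetical.
contract PullFallbackPayout {
    uint256 public constant SEND_GAS_CAP = 50_000; // the 50k cap the findings describe
    mapping(address => uint256) public pendingWithdrawals;
    uint256 private _locked; // minimal reentrancy latch

    event PendingQueued(address indexed to, uint256 amount);
    event PendingClaimed(address indexed to, uint256 amount);

    modifier nonReentrant() {
        require(_locked == 0, "reentrant");
        _locked = 1;
        _;
        _locked = 0;
    }

    /// Attempts a bounded-gas push. If the recipient reverts, burns past the
    /// gas cap, or otherwise rejects the value, the amount is credited to
    /// `pendingWithdrawals` and the caller's state transition still completes,
    /// so a hostile contract-wallet cannot freeze the escrow.
    function _sendOrQueue(address to, uint256 amount) internal returns (bool pushed) {
        (pushed, ) = to.call{value: amount, gas: SEND_GAS_CAP}("");
        if (!pushed) {
            pendingWithdrawals[to] += amount;
            emit PendingQueued(to, amount);
        }
    }

    /// Recipient-initiated claim. The balance is zeroed before the send so a
    /// reentrant claim finds nothing to withdraw.
    function claimPending() external nonReentrant {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount != 0, "nothing pending");
        pendingWithdrawals[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "claim failed");
        emit PendingClaimed(msg.sender, amount);
    }

    /// Demo entry point: the caller funds the payout with msg.value, so the
    /// contract's own balance can only ever hold queued amounts.
    function settle(address to) external payable nonReentrant returns (bool) {
        return _sendOrQueue(to, msg.value);
    }
}
```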

***

### What Isn't Audited

**Durian Wallet (UI-side):** No contract audit scope — it's a read-only + signer-pass-through UI layer. The wallet drawer does not custody funds or sign transactions on the user's behalf; it simply renders data and submits transactions to existing wallet providers (MetaMask, OKX). The **contracts it interacts with** (Factory V4.5, CLOB, Social, OTC) are all audited as noted above.

**Profit Thinker (P&L engine):** A pure-math, read-only library over on-chain events. No custody surface. Correctness is verified by property tests against a reference Python implementation.

***

### Bytecode Verification — All Mainnet Contracts

| Contract                      | Address                                                                                                                         |   Status   |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | :--------: |
| Durianfun Factory V4.5        | [`0xdf4f3dB298A9aDe853191F58b4b2a322D47EC005`](https://www.kubscan.com/address/0xdf4f3dB298A9aDe853191F58b4b2a322D47EC005#code) | ✅ Verified |
| Factory-D V2.5 (Test)         | [`0xa1000BB39f36a630F1AB1b245B25Ca75a6744Aa5`](https://www.kubscan.com/address/0xa1000BB39f36a630F1AB1b245B25Ca75a6744Aa5#code) | ✅ Verified |
| CLOB Factory V2.5             | [`0x1e963da022030D29D952e7e0c944F6bfAC50b0e7`](https://www.kubscan.com/address/0x1e963da022030D29D952e7e0c944F6bfAC50b0e7#code) | ✅ Verified |
| DurianSpotWallet (CLOB Vault) | [`0xF5b0137F6dCEcE06C566FCae10694dD8645283B3`](https://www.kubscan.com/address/0xF5b0137F6dCEcE06C566FCae10694dD8645283B3#code) | ✅ Verified |
| CLOB Pair Implementation      | [`0x6619496380EBD9FF50805E2e2637b48943875e00`](https://www.kubscan.com/address/0x6619496380EBD9FF50805E2e2637b48943875e00#code) | ✅ Verified |

All verified with:

* Exact pragma & compiler version match
* Exact optimizer settings (`viaIR: true`, `runs: 200`)
* Byte-identical bytecode (deployed vs locally compiled)

### Security Design Principles

The Durian ecosystem is built on these audit-friendly principles:

#### ✅ What the Contracts Have

* Deterministic CREATE2 deployments
* Verified open-source on Kubscan
* Event-logged state changes
* Gas-capped external calls (50k on rewards, 30k on creator payout)
* `nonReentrant` on all state-mutating entry points
* Invariant-enforced fee caps (bytecode level)
* Pull-pattern fallbacks for hostile recipients (OTC V1.2)
* Balance-delta verification on ERC-20 transfers (V1.2)
* CREATE2-based pair authentication in vault

#### ❌ What the Contracts **Don't** Have (By Design)

* ❌ No proxy / upgrade mechanism
* ❌ No owner mint / burn / pause on user tokens
* ❌ No blacklist / whitelist
* ❌ No trading tax beyond stated fees
* ❌ No admin-controllable curve parameters (immutable after deploy)
* ❌ No LP withdrawal paths (AMM sealed forever)
* ❌ No delist path for CLOB pairs (immutable from deployment)

### Intellectual Property

Smart-contract source code is published under **UNLICENSED** — proprietary, all rights reserved. Protection: international copyright law + Berne Convention + WIPO + TRIPS.

**Licensing inquiries:** <durianandfun@gmail.com>

### Responsible Disclosure

* **Email:** **<durianandfun@gmail.com>** — include `[SECURITY]` in subject
* **SLA:** 72-hour acknowledgement
* **Timeline:** 30-day coordinated disclosure
* **PGP key:** Available on request
* **Bounty:** Reasonable bounties for high-impact findings (scope + severity at team's discretion)

### Audit Artifacts in Repo

For transparency, the following audit artifacts live in the codebase alongside the contracts:

| File                                                                         | Product   | Purpose                                  |
| ---------------------------------------------------------------------------- | --------- | ---------------------------------------- |
| `durian-fun/docs/resources/audit-summary.md`                                 | AMM V4.5  | Full scoring + findings breakdown        |
| `durian-fun/docs/clob/resources/audit-summary.md`                            | CLOB V2.5 | Six-round review summary                 |
| `durian-fun/docs/contracts/security.md`                                      | AMM       | Security design, immutability guarantees |
| `durian-clob/contracts/HARD_AUDIT_PATCHES_R6.md`                             | CLOB      | Pre-mainnet R6 patches documented        |
| `durian-clob/contracts/MAINNET_DEPLOY_PLAN.md`                               | CLOB      | Mainnet readiness, pre-deploy checklist  |
| `durian-clob/contracts/contracts/durian-wallet/DurianSocial_V1_2.sol`        | Social    | V1.2 source with audit fix comments      |
| `durian-clob/contracts/contracts/durian-wallet/DurianMoneyTransfer_V1_2.sol` | OTC       | V1.2 source with audit fix comments      |


