Audits
Five firms. Zero criticals.
Every Sudo contract is publicly audited by independent firms. Every finding — and every mitigation — is published.
Firms engaged: 5
Critical findings: 0
High finding (mitigated): 1
Bug bounty pool: $1M
Reports
Every audit, every finding, in public
| Firm | Target | Date | Findings (C/H/M/L) | Status | Report |
|---|---|---|---|---|---|
| Trail of Bits | Sudo Escrow v3 | Feb 12, 2026 | 0/0/2/4 | Mitigated | PDF → |
| Spearbit | Validator Selection (VRF + commit-reveal) | Jan 28, 2026 | 0/1/3/5 | Mitigated | PDF → |
| Code4rena | SUDO Token + Vesting | Dec 4, 2025 | 0/0/1/9 | Mitigated | PDF → |
| OpenZeppelin | .sudo Name Registry | Nov 18, 2025 | 0/0/1/3 | Mitigated | PDF → |
| Halborn | Smart-group Indexer & Gating Contracts | Oct 2, 2025 | 0/0/0/6 | Mitigated | PDF → |
Continuous review
What we run between audits
Foundry & Echidna: Property-based fuzzing on every contract change in CI.
Slither + MythX: Static analysis blocks PRs that introduce known unsafe patterns.
Tenderly war room: Forked-mainnet simulations for every deployment, with on-call review.
Immunefi bounty: Always-on whitehat program with up to $250k for critical findings.
Public canary deploy: Every release runs on a low-stakes canary 7 days before mainnet rollout.
Open source first: Contracts and clients are open source on GitHub. Pull requests welcome.