search

Audit Reports

MegaTAO's smart contracts have been audited by two independent security firms. As the protocol is in beta and actively upgrading, we maintain an ongoing audit relationship to cover all changes.

hashtag
BitSec

Status: Ongoing partnership

BitSec has audited the MegaTAO Alpha Futures smart contracts and continues to review all protocol updates as they are developed. This ongoing partnership ensures that every contract upgrade is reviewed for security vulnerabilities before deployment.

Scope:

  • Core trading contracts (position management, order execution, liquidation)

  • Margin and vault systems

  • Funding rate mechanics

  • Proxy upgradeability and storage layout

  • Access control and role management

hashtag
XORs Software

Status: Completed

XORs Software conducted an independent audit of the MegaTAO protocol, providing a separate assessment of the smart contract security.

Scope:

  • Full protocol review

  • Smart contract vulnerability analysis

  • Business logic verification

hashtag
Comprehensive Final Audit

The MegaTAO protocol is currently in beta and undergoing active development. Once the protocol reaches its final form, we will work with BitSec to produce a comprehensive audit report covering the complete, production-ready codebase. This report will be published here.

hashtag
Audit Methodology

Both audits covered:

  • Access control: Verification that privileged functions are properly restricted

  • Reentrancy: Protection against reentrant calls in all state-changing functions

  • Arithmetic: Correct handling of fixed-point math, overflow, and precision loss

  • Oracle manipulation: Resistance to price oracle attacks

  • Liquidation logic: Correctness of margin calculations and liquidation thresholds

  • Upgrade safety: UUPS proxy pattern correctness and storage layout compatibility

  • Economic attacks: Flash loan vectors, sandwich attacks, and MEV considerations

hashtag
Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly through our Bug Bounty program rather than disclosing it publicly.

We believe in transparency. All future audit reports will be published in full on this page.

PreviousSecurity & AuditsNextSmart Contract Security

Last updated