
# Audit Reports

MegaTAO's smart contracts have been audited by two independent security firms. Because the protocol is in beta and still being actively upgraded, we maintain an ongoing audit relationship to cover all changes.

## BitSec

**Status**: Ongoing partnership

BitSec has audited the MegaTAO Alpha Futures smart contracts and continues to review all protocol updates as they are developed. This ongoing partnership ensures that every contract upgrade is reviewed for security vulnerabilities before deployment.

**Scope**:

* Core trading contracts (position management, order execution, liquidation)
* Margin and vault systems
* Funding rate mechanics
* Proxy upgradeability and storage layout
* Access control and role management

[View BitSec February 2026 Audit Report](https://github.com/mega-tao/docs/blob/feat/docs/MegaTao-Final-Audit-Report.pdf)

## XORs Software

**Status**: Completed

XORs Software conducted an independent audit of the MegaTAO protocol, providing a separate assessment of the smart contract security.

**Scope**:

* Full protocol review
* Smart contract vulnerability analysis
* Business logic verification

## Comprehensive Final Audit

The MegaTAO protocol is currently in beta and undergoing active development. Once the protocol reaches its final form, we will work with BitSec to produce a comprehensive audit report covering the complete, production-ready codebase. This report will be published here.

## Audit Methodology

Both audits covered:

* **Access control:** Verification that privileged functions are properly restricted
* **Reentrancy:** Protection against reentrant calls in all state-changing functions
* **Arithmetic:** Correct handling of fixed-point math, overflow, and precision loss
* **Oracle manipulation:** Resistance to price oracle attacks
* **Liquidation logic:** Correctness of margin calculations and liquidation thresholds
* **Upgrade safety:** UUPS proxy pattern correctness and storage layout compatibility
* **Economic attacks:** Flash loan vectors, sandwich attacks, and MEV considerations

## Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly through our [Bug Bounty](/audits/bug-bounty.md) program rather than disclosing it publicly.

***

*We believe in transparency. All future audit reports will be published in full on this page.*

