Security & Audits
Toros is built on the dHEDGE protocol. The smart contracts that power Toros vaults have been covered by 6 independent security audits across 4 auditors, and the protocol maintains an active bug bounty program.
No publicly known exploits or security incidents have affected dHEDGE or Toros.
Audit Timeline
For the full dHEDGE security documentation, see docs.dhedge.org/security.
Bug Bounty
dHEDGE maintains an active bug bounty program on Immunefi.
Critical
$2,000 to $50,000 (0.1% of affected funds, capped)
High
$1,000
Scope
PoolFactory-linked contracts on all supported chains (Ethereum, Polygon, Optimism, Base, Arbitrum). Includes vault implementation contracts (PoolLogic, PoolManagerLogic), contract and asset guards, and price aggregator contracts.
Requirements
Proof of concept required
Testing must use local forks (no mainnet or testnet)
Rewards paid in USDC
Vault Permissions
Toros vault managers can only interact with whitelisted contracts and assets. This prevents unauthorized transactions with depositor funds. New protocol integrations are added through DAO-governed whitelisting.
Smart Contract Risk
Toros products interact with multiple DeFi protocols including Aave and GMX. The Toros Everlasting Options system uses Flat Money contracts at the smart contract level. Each protocol integration introduces additional smart contract risk. Users should evaluate their risk tolerance before depositing.
Last updated