> For the complete documentation index, see [llms.txt](https://docs.toros.finance/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.toros.finance/resources/security.md). # Security & Audits Toros is built on the Chamber protocol (formerly dHEDGE). The smart contracts that power Toros vaults have been covered by multiple independent security audits, and the protocol maintains active bug bounty programs. No publicly known exploits or security incidents have affected Chamber or Toros. ## Audit Timeline | Date | Auditor | Toros Relevance | Report | | -------- | -------- | -------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Sep 2025 | Sherlock | Vault core and Aave V3 integrations | [PDF](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ff03kK69OTEEthfwi6VoC%2Fuploads%2FoacAphKLdPdHKiU9sPIw%2FSherlock%20Audit%20%E2%80%93%20mStable%20Pendled%20sUSDe%20\(via%20dHEDGE\).pdf) | | Jan 2025 | Santipu | Aave V3 lending loops (used by money market-based leveraged tokens) | [GitHub](https://github.com/santipu03/santipu03/blob/main/private-audits/dHEDGE_Aave.md) | | Jan 2025 | Santipu | GMX perpetual futures integration (used by leveraged tokens and 1x tokens) | [GitHub](https://github.com/santipu03/santipu03/blob/main/private-audits/dHEDGE_GMX.md) | | Oct 2024 | Santipu | Single-asset withdrawal logic (used when exiting Toros vaults) | [GitHub](https://github.com/santipu03/santipu03/blob/main/private-audits/dHEDGE_SAW.md) | | Jun 2024 | Sherlock | Vault core contracts and protocol integrations | [PDF](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ff03kK69OTEEthfwi6VoC%2Fuploads%2Fo3epQZwV9tbnGp8EclE2%2FSherlock%20dhedge-audit-report.pdf) | | Jul 2021 | CertiK | V2 core contracts (foundation of current Toros infrastructure) | [CertiK](https://skynet.certik.com/projects/dhedge) | For the full Chamber security documentation, see [docs.chamberfi.com/security](https://docs.chamberfi.com/security). ## Perpetual Options Audit (Flat Money) Toros Perpetual Options use [Flat Money](https://flat.money) contracts at the smart contract level. The perpetual options contracts have been audited independently through a Sherlock private audit contest. | Date | Auditor | Scope | Report | | -------- | -------------------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Jan 2025 | Sherlock (private contest) | Flat Money perpetual options contracts | [PDF](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F6jxnGsSeYJfPRFFT97Bn%2Fuploads%2FM9i0snPCGjtRP5KASAyw%2F2025.03.07%20-%20Final%20-%20Flat%20Money%20Private%20Audit%20Contest%20Report.pdf?alt=media\&token=3b2e2ebf-ac03-44af-923a-1d124393d749) | Flat Money also maintains an active bug bounty on [Sherlock](https://audits.sherlock.xyz/bug-bounties/1) with rewards up to $50,000. ## Bug Bounty Chamber maintains an active bug bounty program on [Immunefi](https://immunefi.com/bug-bounty/dhedge/). | Severity | Reward | | -------- | -------------------------------------------------- | | Critical | $2,000 to $50,000 (0.1% of affected funds, capped) | | High | $1,000 | ### Scope PoolFactory-linked contracts on all supported chains (Arbitrum, Ethereum, HyperEVM). Includes vault implementation contracts (PoolLogic, PoolManagerLogic), contract and asset guards, and price aggregator contracts. ### Requirements * Proof of concept required * Testing must use local forks (no mainnet or testnet) * Rewards paid in USDC ## Vault Permissions Toros vault managers can only interact with whitelisted contracts and assets. This prevents unauthorized transactions with depositor funds. New protocol integrations are added through DAO-governed whitelisting. ## Smart Contract Risk Toros products interact with multiple DeFi protocols. Each integration introduces additional smart contract risk: * **Aave** — used by money market-based leveraged tokens for lending and borrowing * **GMX** — used by perpetuals-based leveraged tokens and 1x tokens for futures positions * **Flat Money** — provides the smart contracts powering [Toros Perpetual Options](/options-strategies/perpetual-options.md), which underpin Protected Leveraged Tokens, Covered Call, and Short Volatility strategies Users should evaluate their risk tolerance before depositing, considering that a vulnerability in any underlying protocol could affect Toros products that depend on it. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.toros.finance/resources/security.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.