1/8 🧵 We recently audited @makinafi, a cross-chain asset management protocol focused on operational security by design. Makina’s core principle: even if an operator is compromised, user funds should remain safe. More info in this thread 👇 https://t.co/IgcfXSWGQJ

8/8 👀 Curious to know more? Read our audit reports👇 🔗 https://t.co/IgcfXSWGQJ 🔗

7/8 🐞 Most interesting bug A cross-contract reentrancy lets a malicious operator trigger a bridge inflow mid-swap, which could be counted as profit in the slippage check. This could be used to bypass slippage limits and risked allowing large losses. Issue ID: CS-MACO-001

6/8 🧪 Additional focus We also examined accounting correctness, cross-contract interactions, and bridging integrity to ensure no single transaction or role could cause systemic loss.

5/8 🔍 What we focused on Our review centered on whether those bounded-loss guarantees truly hold in all situations even under reentrancy, cross-chain delays, or malicious token behavior.

4/8 🛡️ Bounding loss Every action is protected by slippage limits and loss caps ensuring losses stay within strict bounds even if an Operator key is compromised. This design is key to Makina’s operational security. 🔐

3/8 🧩 Minimizing trust Makina separates responsibilities to minimize trust. Instructions are created and approved by the Risk Manager (defining what’s allowed) and later executed by the Operator, ensuring full flexibility without full trust in execution.

2/8 🔧 What is Makina? Makina enables cross-chain asset management across EVM networks using a hub-and-spoke architecture. A central Machine manages deposits and share accounting, while Calibers on each chain execute investment strategies.

Want a detailed view of @compoundfinance proposals? Compound Proposal Decoder, our new CLI tool, makes governance more transparent. Fetching proposals on-chain and ABIs from @Etherscan, the decoder prints the details of every action, even rollup calls. https://t.co/BIcfsdXtnj

From our first @Polymarket audit in 2022 to many more since, it’s been an absolute pleasure working with @_loset and his team. Congratulations on a well-deserved accomplishment.

1/ This is a first. We're launching the @solana Audit Subsidy Program! $1M in audit subsidies to help secure projects and strengthen the Solana ecosystem. The program is a joint initiative with @Superteam, @MonkeDAO, and @DrNickA (@jito_sol) who are joining the assessment board

Introducing the Audit Marketplace 🔺 If you’re building on Avalanche and looking to get your project audited, explore the Audit Marketplace with 20+ trusted providers! Built by @areta_io

5/5 👀 Curious to know more? Read our reports below 👇 - mUSD audit ➜ https://t.co/uwhKtOMinh - M0 Extensions audit ➜

4/5 🔐 What we focused on: Asset solvency, functional correctness, and arithmetic precision, along with documentation, gas, and DeFi integration. After fixes, we assessed a high level of security for both the base extensions and the mUSD wrapper.

3/5 ⚡️ M0-powered stablecoins: With M0, developers can build safe, programmable and interoperable digital dollars. M0 enables builders to create their own application-specific stablecoins, and customize attributes such as branding, transfer & compliance behaviors, and yield

2/5 🪙 What is mUSD? A wallet-native stablecoin by @MetaMask, powered by M0 and issued by Bridge (@Stablecoin) via the M0 protocol. M0 network supply is currently ≈103% over-collateralized and validated by a set of independent entities, giving mUSD (or MetaMask USD) a robust

1/5 🧵 We recently audited mUSD, @MetaMask’s native digital dollar for MetaMask’s wallet and ecosystem. mUSD is powered by @m0’s universal stablecoin platform. More info in this thread 👇

2/ Since launching https://t.co/C8wpw5UvY6, we’ve helped streamline the audit process for dozens of teams, we’re live on 6 ecosystems, with over $30M in offer volume. This can only be achieved by working with the best auditors in the space, and we’re proud to have 8 top-tier

1/ Base is now live on Areta Market! 🔵 Over the past year, we’ve been helping projects get top-tier audits done faster for a fraction of the cost. No cold outreach. No gatekeeping. No spreadsheets. Now bringing that experience and 20 top-tier auditors to the next generation of

1/7 🧵 We recently conducted a security review of @pendle_fi @boros_fi. Here’s more info about it👇 https://t.co/TgWqo7DGT5