2/8 🔧 What is Makina? Makina enables cross-chain asset management across EVM networks using a hub-and-spoke architecture. A central Machine manages deposits and share accounting, while Calibers on each chain execute investment strategies.

3/8 🧩 Minimizing trust Makina separates responsibilities to minimize trust. Instructions are created and approved by the Risk Manager (defining what’s allowed) and later executed by the Operator, ensuring full flexibility without full trust in execution.

4/8 🛡️ Bounding loss Every action is protected by slippage limits and loss caps ensuring losses stay within strict bounds even if an Operator key is compromised. This design is key to Makina’s operational security. 🔐

5/8 🔍 What we focused on Our review centered on whether those bounded-loss guarantees truly hold in all situations even under reentrancy, cross-chain delays, or malicious token behavior.

6/8 🧪 Additional focus We also examined accounting correctness, cross-contract interactions, and bridging integrity to ensure no single transaction or role could cause systemic loss.

7/8 🐞 Most interesting bug A cross-contract reentrancy lets a malicious operator trigger a bridge inflow mid-swap, which could be counted as profit in the slippage check. This could be used to bypass slippage limits and risked allowing large losses. Issue ID: CS-MACO-001

8/8 👀 Curious to know more? Read our audit reports👇 🔗 https://t.co/IgcfXSWGQJ 🔗