filter.fun publishes its audit posture in public. This page is the canonical timeline — it updates as the audit progresses, and it doubles as the gate the team is using to decide when Phase 2 mainnet activation is allowed.
Current phase: pre-audit
| Item | Status |
|---|---|
| Foundry invariant test suite | ✅ Shipped — see PR #50 |
| Public sankey diagram + invariant explainer | ✅ Shipped — see Settlement security guarantees |
| Threat model published | ✅ Shipped — see Threat model |
| Voluntary disclosure window | ▼ Open (14 days from publish date) |
| Audit firm engagement | Scoping in progress |
| Formal audit | Not yet started |
| Audit report | Pending |
Voluntary disclosure window
A 14-day window during which the contracts are open for community review before formal audit begins. This is voluntary — there is no paid bounty in this window. See the settlement security page for scope, contact, and disclosure terms.

After the window closes, all findings (with reporter consent) are documented on this page along with the response. Findings that surface during the audit itself are documented separately as part of the audit report.

Formal audit
The Phase 2 audit will cover the full contract suite as deployed on Sepolia, plus the bag-lock contract (PR #43). The auditor will receive the public-review history (this page + any disclosure-window findings) as input.

| Field | Value |
|---|---|
| Audit firm | TBD (engagement in progress) |
| Scope | Full packages/contracts/src/ deployed in manifest, plus bag-lock contract |
| Timeline | TBD; pinned once firm is engaged |
| Report publication | Public, on this page, after remediation |
Mainnet activation gate
filter.fun does not activate Base mainnet on a calendar date. It activates when this checklist completes. Per spec §42.5:

- Foundry invariant test suite shipped and passing
- Public sankey diagram + invariant explainer at docs.filter.fun
- 2-week public review window completed
- All public-review findings addressed or explicitly accepted-as-design
- Formal audit complete with public report
- All critical / high audit findings resolved
- Bag-lock contract (PR #43) covered in same audit
- Multi-sig on TreasuryTimelock + POLVault confirmed
- Operator runbook §8 smoke procedure executed cleanly on Sepolia at least once
Findings log
This section is empty until the disclosure window closes. Findings will be listed in chronological order with reporter (with permission), severity, status, and resolution.

Related
- Settlement security guarantees — the eight invariants and how to verify them
- Threat model — the seven adversaries the pipeline defends against
- Sepolia smoke runbook — the runbook that gates checklist item 9