diff --git a/docs/pages/the-protocol/security.mdx b/docs/pages/the-protocol/security.mdx index bff0941..2d2d0b5 100644 --- a/docs/pages/the-protocol/security.mdx +++ b/docs/pages/the-protocol/security.mdx @@ -10,11 +10,11 @@ Our codebase has a high level of unit test coverage and we used Foundry to fuzz- A complete audit of the smart contracts has been completed by [Spearbit](https://spearbit.com/) as of November 2023: -See the [Spearbit Network Security Review](https://drive.google.com/file/d/1qj0tCxzkgQONzWTENFk5MKroH5D6PUVG/view?usp=drive_link) +See the [Spearbit Network Security Review](/img/Spearbit_Drips_Network_Security_Review.pdf) Previously to the Spearbit audit, we also worked with an independent security auditor to conduct smart contract security reviews during the development of the contracts: -See the [Security Report](https://drive.google.com/file/d/1DoekwJ-D2p00rJ87-NoG0pj_hBv-rkYa/view?usp=drive_link) +See the [Security Report](/img/Drips_Audit_Report.pdf) In addition, a member of the Drips core team is also a security auditor, so we were able to leverage their expertise in this area to perform an internal audit: 
@@ -26,11 +26,13 @@ See the [Code4rena Report](https://code4rena.com/reports/2023-01-drips) Drips has a public [bug bounty program with Immunefi](https://immunefi.com/bounty/drips/). -`BridgedGovernor` and `Giver` contracts were audited separately, see the [Cantina Security Report](https://drive.google.com/file/d/19EjEwN0LhGfWFqptZTZrOWv4vA7-exUM/view?usp=drive_link). +`BridgedGovernor` and `Giver` contracts were audited separately, see the [Cantina Security Report](/img/cantina-05-july-2024-report-review-drips.pdf). -The `RepoDriver` migration to Gelato was audited separately, see the [Cantina Security Report](https://drive.google.com/file/d/10LQ26EWpyIWm8G1PCSel8C_ZoShQBEHa/view?usp=drive_link). +The `RepoDriver` migration to Gelato was audited separately, see the [Cantina Security Report](/img/report-cantinacode-drips-0722-4.pdf). -The `NetiveTokenUnwrapper`, `NFTDriver` custom URIs, `GelatoTaskOwner`, `RepoSubAccountDriver` and `RepoDeadlineDriver` were audited separately, see the [Cantina Security Report](https://drive.google.com/file/d/1GR6PD7gquDkFN1A3QUL3f0Pi9xH1-0T-/view?usp=drive_link). +The `NativeTokenUnwrapper`, `NFTDriver` custom URIs, `GelatoTaskOwner`, `RepoSubAccountDriver` and `RepoDeadlineDriver` were audited separately, see the [Cantina Security Report](/img/report-cantinacode-drips-0327-1.pdf). + +The `RepoDriver` migration to the oracle using Lit protocol was audited separately, see the [Cantina Security Report](/img/cantina_drips_mar2026.pdf). ### Certora 
@@ -40,7 +42,7 @@ While we are excited about the potential of using formal verification to improve However, we believe that it is important to stay at the forefront of technology and explore new approaches to smart contract security. By doing so, we hope to gain valuable insights and improve our security measures over time. -You can read the [report from Certora](https://drive.google.com/file/d/1kWKDzjbTl69Vhl_HVyJjnwRojNgSzeDB/view?usp=drive_link), or explore [our work on invariants with the Certora prover in Github.](https://github.com/radicle-dev/drips-contracts/tree/certora) +You can read the [report from Certora](/img/Certora_Radicle_Drips_Report.pdf), or explore [our work on invariants with the Certora prover in Github.](https://github.com/radicle-dev/drips-contracts/tree/certora) ### Risk diff --git a/docs/public/img/cantina_drips_mar2026.pdf b/docs/public/img/cantina_drips_mar2026.pdf new file mode 100644 index 0000000..01262c6 Binary files /dev/null and b/docs/public/img/cantina_drips_mar2026.pdf differ
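Review bot: In the first hunk of `security.mdx` (`@@ -10,11 +10,11 @@`), the new link targets `/img/Spearbit_Drips_Network_Security_Review.pdf` and `/img/Drips_Audit_Report.pdf` are not created by this patch. The only file it adds is `docs/public/img/cantina_drips_mar2026.pdf`. Please confirm that both PDFs are already committed under `docs/public/img/`, or add them here. Otherwise the two audit links break as soon as the Google Drive URLs are removed.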
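Review bot: In the second hunk (`@@ -26,11 +26,13 @@`), the added sentence about the `RepoDriver` migration to the oracle gives no review date and does not say how it relates to the existing sentence about the `RepoDriver` migration to Gelato. A reader cannot tell which report covers the currently deployed contracts. Suggest adding the date of the review, as the Spearbit paragraph does with "as of November 2023", and stating whether this migration replaces the Gelato one. "Lit protocol" should also read "Lit Protocol". The three other Cantina targets in this hunk (`cantina-05-july-2024-report-review-drips.pdf`, `report-cantinacode-drips-0722-4.pdf`, `report-cantinacode-drips-0327-1.pdf`) are not added by this patch either, so please check that they exist in the repository.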
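Review bot: In the third hunk (`@@ -40,7 +42,7 @@`), the edited line still points to a mutable branch, `https://github.com/radicle-dev/drips-contracts/tree/certora`, so what readers see there can drift from what the Certora report describes. Since the line is being touched anyway, consider linking to a fixed commit or tag instead. Also change "Github" to "GitHub" and move the trailing period out of the link text. `/img/Certora_Radicle_Drips_Report.pdf` is not added by this patch, so its presence in `docs/public/img/` needs confirming as well.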
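Review bot: The new `docs/public/img/cantina_drips_mar2026.pdf` is shown only as "Binary files /dev/null and b/docs/public/img/cantina_drips_mar2026.pdf differ", so its contents cannot be reviewed from the diff. Suggest recording the file's SHA-256 in the commit message or PR description so reviewers and readers can check the committed copy against the one Cantina delivered. The name also uses underscores where the other Cantina reports use hyphens. One naming scheme would make the set easier to maintain.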