Security Audits
Monolythium is committed to the security and integrity of its protocol, smart contracts, and ecosystem applications. This page documents the audit history and ongoing security practices.
Overview
All significant code changes to the core chain, smart contracts, and critical infrastructure undergo security review before deployment. Formal external audits are part of the pre-mainnet preparation process, and continuous internal review is performed throughout development.
Audit History
| Date | Auditor | Scope | Report | Status |
|---|---|---|---|---|
| Pre-mainnet | TBD | Core chain (monod), consensus (LythiumBFT), state machine | Pending | Planned |
| Pre-mainnet | TBD | Solidity smart contracts (DeFi, token, marketplace) | Pending | Planned |
This table will be updated with auditor names, report links, and findings summaries as audits are completed. All audit reports will be published publicly.
Internal Reviews
Continuous Code Analysis
The Monolythium codebase undergoes continuous automated security analysis:
- Guardian Security Scanner -- Runs automated analysis across all repositories, scanning for vulnerabilities, misconfigurations, and dependency issues
- Static Analysis (Solidity) -- Slither and Aderyn are run against all smart contracts before deployment
- Code Review -- All pull requests require review before merging to production branches
Review Coverage
| Component | Review Type | Tools |
|---|---|---|
| Solidity contracts | Static analysis, manual review | Slither, Aderyn, Foundry tests |
| Core chain (Go) | Automated scanning, peer review | Guardian, Go vet, govulncheck |
| Frontend applications | Dependency scanning, CSP enforcement | npm audit, Guardian |
| Infrastructure | Configuration review, access auditing | Guardian, manual review |
Continuous Monitoring
Dependency Vulnerability Scanning
All repositories are monitored for known vulnerabilities in dependencies:
- Automated alerts for critical and high severity CVEs
- Regular dependency update cycles
- Lockfile integrity verification
Code Review Requirements
Production branches (prod) are protected with the following requirements:
- All changes must go through a pull request
- At least one approving review required
- CI checks must pass (build, test, lint)
Responsible Disclosure
If you discover a security vulnerability, please report it through our responsible disclosure process rather than creating a public issue.
See Security Policy for reporting instructions, response timelines, and scope.
Further Reading
- Security Policy -- Responsible disclosure process and contact information
- Bug Bounty -- Community bug reporting program with LYTH rewards