Audits

This page describes the audits performed on the protocol.

RZR’s core contracts are hard-forked from OlympusDAO v2, inheriting its battle-tested architecture—Treasury, BondDepository, RebaseController, and sToken—with only two surgical edits to the staking flow:

  1. Instant-Stake Hook added to BondDepository so newly-vested tokens can auto-stake without a second transaction.

  2. Floor-Price Oracle bump inserted to raise the internal price floor instead of transferring yield in stables.

Outside these inserts, the staking contract’s math, access modifiers, and checkpoint logic remain byte-for-byte identical to Olympus, preserving the original invariant proofs.

Separately, Halborn conducted an independent audit of the changes made to the protocol.

Audit History

Because most of the logic is inherited, RZR benefits from the three full-scope audits OlympusDAO commissioned in 2021-22 (PeckShield, Quantstamp, and OpenZeppelin).

Timelock & Multisig Ownership

All admin roles are held by a 3-of-5 Gnosis Safe fronting a 24-hour TimelockController. Any upgrade, parameter tweak, or treasury movement is visible on-chain for a full day before execution, giving the community ample time to review or veto.

See more at timelocked multisig admin.

Bug Bounty

A standing bounty (up to $100k) rewards disclosure of vulnerabilities that could drain funds, break Floor-Price invariants, or inflate supply beyond authorised mint routes.

Reproducible Build & Source References
