v3 Audit and Launch Strategy

Previous Audits

v1 and v2 were audited by Quantstamp in December and February respectively.

Audit Landscape

Not all audits are the same. The quality of a security report reflects the engineer analysing the contracts.

Canonical Vaults Audit

v3 is booked in with Haechi Audit for September 28th, and that timeline is only possible as we’ve worked with them before. We’ll continue to book further audits with Tier 1 firms when possible.

Next Steps

While the audit is scheduled for late September, there are other options we are considering to bring more peer reviews and assurance for vault users.

  1. Guarded Launch — It’s possible to put a cap on the TVL of the vaults, e.g. $50m, and allow early participants to enter at their own risk. By capping the TVL, there isn’t a huge target on us. This could run for, e.g., a month, until the audit is released.
  2. Engage White Hats — We have reached out to several known white hats to review the code as part of our ImmuneFi bug bounty. This ensures another set of expert eyes have looked through for any obvious issues.
  3. Community Sourced — There are professional communities we can invite to pick apart the code. An example is Code 423n4, more about them below.

Incentives vs Value

An official audit is simply an engineer who reviews the code and writes a report on any issues found. They aren’t liable for exploits, and there is no guarantee they will find an issue, even if one is there.

Code 423n4

Code 423n4 is a relative newcomer to DeFi security. They offer an incentivised bug bounty, where their community of white hat contributors compete to find the first, the most or the riskiest issues in a code base during a week-long bug bounty.

War Room Response

A reminder that yAxis is an early partner to the War Room. This gives us access to a team of professionals who can assist and react during any abnormal events, strengthening our security credentials on a ‘per need’ basis.

Community Feedback

yAxis is a community-sourced project, and while the team may be steering the ship, it’s important to us to collect feedback on strategy. We want to hear from the community on these next steps and take your thoughts into consideration for how and when to launch the Canonical Vaults.

Summary

Whilst an audit is scheduled for September, it’s of course frustrating for everyone involved to sit on a finished product.
