Security
Centrifuge has a best-in-class security process, with highlights including:
- 16 security reviews to date for the Centrifuge protocol.
- Launched on mainnet in 2019, 0 exploits.
- Extensive invariant test suite.
The protocol codebase is fully immutable, and any emergency functions are locked behind a 72-hour timelock.
Security reviews
Protocol
Auditor | Scope | Date | Engagement | Report |
---|---|---|---|---|
Macro | Merkle Proof Manager | June 2025 | Security review | Report |
Electisec | Spoke/Vaults | June 2025 | Security review | Report |
Spearbit | V3.0 | May 2025 | Security review | Report |
burraSec | Gateway | May 2025 | Security review | Report |
xmxanuel | V3.0 | May 2025 | Security review | Report |
Alex the Entreprenerd | V3.0 | Apr 2025 | Review + invariant testing | Report |
burraSec | Gateway | Apr 2025 | Security review | Part 1 Part 2 |
xmxanuel | V3.0 | Mar 2025 | Security review | Report |
Spearbit | V2.1 | Feb 2025 | Security review | Report |
Recon | V2.0 | Jan 2025 | Invariant testing | Report |
Spearbit | V2.0 | July 2024 | Security review | Report |
Spearbit | Morpho integration | June 2024 | Security review | Report |
Alex the Entreprenerd | V2.0 | Mar - Apr 2024 | Review + invariant testing | Part 1 Part 2 |
Spearbit | V1.0 | Oct 2023 | Security review | Report |
SRLabs | V1.0 | Sep 2023 | Security review | Report |
Code4rena | V1.0 | Sep 2023 | Competitive audit | Report |
Operational security
The core team contributing to Centrifuge has completed an operational security review with OPSEK.
Bug bounty
Centrifuge runs an active bug bounty program with a $250,000 maximum reward, available on Cantina.
Guardian
The protocol is controlled by the Root contract, which is authorized on all other contracts. The Root contract enforces a 48-hour delay for any upgrades and configuration changes.
Each deployment has a Guardian role, who is authorized on the Root contract. The Guardian can pause in emergencies, schedule upgrades, and set up adapters to new networks.
The Guardian role is implemented using a Gnosis Safe, with the Zodiac Delay module set up with a 24-hour delay.
The 48-hour Root timelock plus the 24-hour Guardian delay gives an aggregate timelock of 72 hours for any change.
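As an added illustration (not Centrifuge's own code), a small Python model of the two-stage flow described above: a Guardian transaction queued through the Delay module can only be released after its 24-hour cooldown, and the Root change it schedules becomes executable a further 48 hours later, so nothing can take effect earlier than 72 hours after the Guardian acts. The `Timelock` class and its method names are assumptions made for the model, not the project's interfaces.

```python
from dataclasses import dataclass, field

HOUR = 3600
GUARDIAN_DELAY = 24 * HOUR  # Zodiac Delay module cooldown on the Guardian Safe (24 hours)
ROOT_DELAY = 48 * HOUR      # Root contract timelock for upgrades/config changes (48 hours)


class TimelockError(Exception):
    """Raised when an action is executed too early or is not scheduled."""


@dataclass
class Timelock:
    """Hypothetical model of one timelock stage: schedule -> wait `delay` -> execute."""
    delay: int
    pending: dict = field(default_factory=dict)  # action -> time it was scheduled

    def schedule(self, action: str, now: int) -> int:
        self.pending[action] = now
        return now + self.delay  # earliest time the action may execute

    def cancel(self, action: str) -> None:
        self.pending.pop(action, None)  # a cancelled action can never be executed

    def execute(self, action: str, now: int) -> None:
        if action not in self.pending:
            raise TimelockError(f"{action} is not scheduled")
        if now < self.pending[action] + self.delay:
            raise TimelockError(f"{action} is still timelocked")
        del self.pending[action]


def earliest_effect(guardian_queued_at: int) -> int:
    """Push one Root change through both stages and return when it can take effect."""
    guardian, root = Timelock(GUARDIAN_DELAY), Timelock(ROOT_DELAY)
    release = guardian.schedule("schedule_upgrade", guardian_queued_at)
    guardian.execute("schedule_upgrade", release)  # Delay module releases the Guardian tx
    ready = root.schedule("upgrade", release)       # ...which only *schedules* it on Root
    root.execute("upgrade", ready)
    return ready


def can_take_effect(guardian_queued_at: int, at: int) -> bool:
    """True if the change could be live by time `at`; False if either stage blocks it."""
    guardian, root = Timelock(GUARDIAN_DELAY), Timelock(ROOT_DELAY)
    try:
        release = guardian.schedule("schedule_upgrade", guardian_queued_at)
        guardian.execute("schedule_upgrade", min(at, release))  # no earlier than cooldown
        root.schedule("upgrade", release)
        root.execute("upgrade", at)
        return True
    except TimelockError:
        return False
```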
Network | Guardian |
---|---|
Ethereum Mainnet | 0xD9D30ab47c0f096b0AA67e9B8B1624504a63e7FD |
Base | 0x8b83962fB9dB346a20c95D98d4E312f17f4C0d9b |
Arbitrum | 0xa36caE0ACd40C6BbA61014282f6AE51c7807A433 |
Plume | 0x2d442069f78561F817d92c94924D5EaddA9C5767 |
Avalanche | 0xb6642fEd2221e177dD29581BB6d1959Bd1c54185 |
BNB Smart Chain | 0x57066D897cB9cDef21b9Ecd7CecdD1d39b6eE445 |