🔓Security and Audits

Security is a core pillar of ZO. Every component of the protocol — from smart contracts to oracle flows to backend infrastructure — is designed with a “safety-first” approach to protect both traders and liquidity providers.

Independent Audits

All ZO smart contracts undergo independent, third-party security audits before deployment. Audits focus on critical areas including:

  • leverage and liquidation logic

  • collateral accounting and asset safety

  • oracle integration and price update validation

  • pool accounting and fee distribution

  • role permissions and upgrade rules

  • invariant checks and failure-mode behavior

ZO follows an iterative audit process: major upgrades, new modules (e.g., oracle engine, reserving fee model), and risk-sensitive components are re-audited before release.

Audit Partners: Movebit, Asymptotic

Latest Audit with Asymptotic:

Audit with Movebit:

Formal Verification & Testing

Beyond audits, ZO uses extensive internal testing:

  • unit tests for all critical price, fee, and accounting functions

  • fuzz testing to detect unexpected edge cases under load

  • simulation environments that replay market volatility, liquidations, and oracle delays

  • continuous integration pipelines to test every update against known attack vectors

Oracle Safety & Manipulation Resistance

ZO integrates Pyth’s low-latency feeds and wraps them with additional protections:

  • multiple layers of validation before a price is accepted

  • staleness and deviation checks

  • rate-limits and sanity bounds

  • fallback paths when market conditions diverge sharply

This ensures the protocol is resistant to oracle manipulation, delayed updates, or abnormal market swings.
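The staleness, deviation and sanity-bound checks listed above can be sketched as a single acceptance gate that fails closed. This is an added example, not ZO's contract code: the thresholds, the check order and the function names are assumptions, and the update fields (price, confidence interval, publish time) follow what Pyth feeds provide.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative thresholds (assumptions, not ZO's parameters).
MAX_AGE_S = 5                  # staleness window, seconds
MAX_CONF_BPS = 50              # max confidence interval relative to price
MAX_STEP_BPS = 500             # max move vs. last accepted price
SANITY_BOUNDS = (1_000.0, 1_000_000.0)  # absolute floor/ceiling for this market

@dataclass(frozen=True)
class PriceUpdate:
    price: float               # quoted price
    conf: float                # confidence interval, same units as price
    publish_time: int          # unix seconds

def validate(u: PriceUpdate, last_accepted: Optional[float], now: int) -> str:
    """Return 'ok' or the name of the first check that rejected the update."""
    lo, hi = SANITY_BOUNDS
    if not (lo <= u.price <= hi):           # also rejects NaN and non-positive prices
        return "sanity_bounds"
    age = now - u.publish_time
    if age < 0 or age > MAX_AGE_S:          # future-dated or too old
        return "stale"
    if u.conf / u.price * 10_000 > MAX_CONF_BPS:
        return "wide_confidence"
    if last_accepted is not None:
        step_bps = abs(u.price - last_accepted) / last_accepted * 10_000
        if step_bps > MAX_STEP_BPS:
            return "deviation"
    return "ok"

def replay(feed):
    """Run (update, now) pairs through the gate; only accepted prices advance state."""
    last, verdicts = None, []
    for update, now in feed:
        verdict = validate(update, last, now)
        if verdict == "ok":
            last = update.price             # a rejected update never becomes the reference
        verdicts.append(verdict)
    return verdicts, last

# Constructed sample feed: (update, wall-clock time at validation).
SAMPLE = [
    (PriceUpdate(60_000.0, 12.0, 100), 101),   # clean update
    (PriceUpdate(60_300.0, 15.0, 102), 103),   # 50 bps move, within limit
    (PriceUpdate(60_310.0, 15.0, 103), 120),   # 17 s old
    (PriceUpdate(60_320.0, 900.0, 121), 122),  # confidence ~149 bps of price
    (PriceUpdate(66_500.0, 20.0, 123), 124),   # ~1028 bps jump vs. 60_300
    (PriceUpdate(0.5, 0.0, 125), 126),         # outside absolute bounds
]
```

Because the reference price only advances on accepted updates, a single outlier cannot shift the baseline that later updates are compared against.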

Permission Controls & Safe Upgrades

ZO employs strict on-chain role separation. Administrative actions, such as upgrading modules or adjusting parameters, require multi-sig approval. Upgrades follow a staged rollout process, allowing for on-chain monitoring and rollback if needed.

Ongoing Monitoring

Post-deployment, the protocol uses continuous monitoring tools to detect abnormal behaviors such as unusual open interest (OI) imbalances, rapid liquidation clusters, or irregular transaction patterns. When thresholds are met, circuit-breakers and automatic safeguards can slow or restrict actions on the protocol.

Onchain Programs

You can find the ZO contracts in the Move Registry:
