Audits

Security audits — what's been audited, by whom, and what's in progress.

Security is foundational to ETH Strategy. Smart contract audits are conducted before any contract goes live in a permissionless capacity.

Completed Audits

ESPN (Perpetual Note)

ESPN's smart contracts have been fully audited by Nethermind.

Scope: EthStrategyPerpetualNote (ESPN vault), ESPNRedemptionQueue

Status: Complete — findings addressed

In Progress

Core Protocol

The core protocol contracts — covering convertible notes, esETH, CDT, StakedStrat, and supporting infrastructure — have completed 2 full audits. Reports will be published alongside the contract code as the protocol approaches permissionless launch.

Scope: EthStrategyConvertibleNote, esETH, CdtToken, StakedStrat

Audits completed: 2

Reports: To be published before permissionless launch

Treasury Lending

Treasury Lending (StratETHTreasuryLend) is on the roadmap for Q2 2026. Audits for this contract will be conducted and published before it goes live.

Security Practices

  • All contracts use Ownable2Step for ownership management — transfers require explicit acceptance

  • ReentrancyGuard is applied to state-changing functions

  • ERC-2612 permit support enables gasless approvals where applicable

  • Protocol invariants are enforced at the contract level and covered by comprehensive integration tests

  • Governance operations are managed through Safe multisigs with a nested hierarchy

Reporting Vulnerabilities

If you discover a potential vulnerability, please report it responsibly. Contact the team via the ETH Strategy Telegram or reach out to @eth_strategy on Twitter.

For a comprehensive view of protocol risks and mitigations, see Risks.
