Index Coop Resource Center
  • Welcome to The Index Coop.
  • Products
    • Trade
      • Index Coop Leverage Suite
      • Leverage Token Parameters
      • Leverage Token Keepers
      • Trading Interface Guide
      • Ripcord Guide
    • Earn
      • High Yield ETH Index (hyETH)
      • Interest Compounding ETH Index (icETH)
    • Asset Management
      • Product Development Process
      • Product Revenue Tokens (PRTs)
    • Legacy Products
      • How to Redeem Legacy Products
      • DeFi Pulse Index (DPI)
      • Bankless BED Index (BED)
      • Metaverse Index (MVI)
      • Diversified Staked ETH Index (dsETH)
      • Index Coop CoinDesk ETH Trend Index (cdETI)
      • Index Coop Large Cap Index (ic21)
      • ETH 2x Flexible Leverage Index (ETH2x-FLI)
      • BTC 2x Flexible Leverage Index (BTC2x-FLI)
      • Flexible Leverage Index- Polygon (FLI-Ps)
        • ETH 2x Flexible Leverage Index (ETH2x-FLI-P)
        • Inverse ETH Flexible Leverage Index (iETH-FLI-P)
        • BTC 2x Flexible Leverage Index (BTC2x-FLI-P)
        • Inverse BTC Flexible Leverage Index (iBTC-FLI-P)
        • MATIC 2x Flexible Leverage Index (MATIC2x-FLI-P)
        • Inverse MATIC Flexible Leverage Index (iMATIC-FLI-P)
      • Market Neutral Yield ETH (MNYe)
      • Bankless DeFi Innovation Index (GMI)
      • Data Economy Index (DATA)
      • Legacy Contract Addresses
      • Gitcoin Staked ETH Index (gtcETH)
  • Protocol
    • Index Protocol
      • Core Contracts
        • Set Token
        • Set Token Creator
        • Controller
        • Integration Registry
        • Price Oracle
        • Set Valuer
      • Modules
        • Basic Issuance Module
        • Debt Issuance Module v2
        • NAV Issuance Module
        • Trade Module
        • Streaming Fee Module
        • Wrap Module
        • Airdrop Module
        • Claim Module
        • Governance Module
        • Compound Leverage Module
        • Aave v2 Leverage Module
        • Aave v3 Leverage Module
        • Auction Rebalance Module
    • Set Protocol v2
    • Security and Audits
    • Contract Verification
    • Programmatic Redemptions
  • Resources
    • Governance
      • $INDEX - Governance Token
      • Index Improvement Proposals (IIP) Overview
        • IIP Step-by-Step
        • Governance Representatives
        • IIP Template
        • Product (DG) Template
      • Meta-Governance
      • Delegation
    • Data & Analytics
    • Multisigs
    • Press Kit
Powered by GitBook
On this page
  • Audits
  • Bug Bounty
  • GitHub
  1. Protocol

Security and Audits

PreviousSet Protocol v2NextContract Verification

Last updated 7 months ago

Index Coop products are built on either (a good-faith fork of Set Protocol v2) or . The security of both systems is of the utmost importance to the DAO and we recognize the complexity, difficulty, and responsibility of maintaining and evolving a value-bearing protocol. Therefore, Index Coop and Set Labs have made considerable efforts to ensure both systems have been reviewed by top independent security firms and that every line of code is heavily scrutinized.

Audits

The following audits for Index Protocol and Set Protocol v2 have been conducted and published by independent security firms:

Auditor

Coverage

Link

Sherlock

AaveLeverageStrategyExtension, AaveV3LeverageStrategyExtension, BaseManagerV2, Controller, IntegrationRegistry, SetToken, SetTokenCreator, AaveV3LeverageModule, AirdropModule, AmmModule, ClaimModule, DebtIssuanceModule, DebtIssuanceModuleV2, StreamingFeeModule, TradeModule, WrapModuleV2, BasicIssuanceModule, AuctionRebalanceModuleV1, BoundedStepwiseExponentialPriceAdapter, BoundedStepwiseLinearPriceAdapter, BoundedStepwiseLogarithmicPriceAdapter, ConstantPriceAdapter

0x52

CustomOracleNAVIssuanceModule, SetValuer, PriceOracle, PreciseUnitOracle, ERC4626Oracle, RebasingComponentModule, WrapModuleV2, AaveV2WrapV2Adapter, AaveV3WrapV2Adapter, CompoundV3WrapV2Adapter, ERC4626WrapV2Adapter, TargetWeightWrapExtension, SnapshotStakingPool, SignedSnapshotStakingPool, PrtFeeSplitExtension, Prt , DebtIssuanceModuleV3

Code4rena

NotionalTradeModule, NotionalWrappedfCash

OpenZeppelin

BasicIssuanceModule, PriceOracle, InvokeLib, Controller, SetToken, StreamingFeeModule, IntegrationRegistry, PositionLib, PreciseUnitMath, AddressArrayUtils, SetTokenCreator, ISetToken, ExplicitERC20, ModuleBase, IOracle, IOracleAdapter, IController, IManagerIssuanceHook

ABDK

BasicIssuanceModule, PriceOracle, InvokeLib, Controller, SetToken, StreamingFeeModule, IntegrationRegistry, PositionLib, PreciseUnitMath, AddressArrayUtils, SetTokenCreator, ISetToken, ExplicitERC20, ModuleBase, IModuleBase, IOracle, IOracleAdapter, IController, IDepositor, IManagerIssuanceHook, WrapModule, TradeModule, CompoundLeverageModule, AaveV3LeverageModule, AaveV3LeverageStrategyExtension

(consolidated) PDFs below

Iosiro

GeneralIndexModule, DebtIssuanceModuleV2, AaveLeverageModule, AMMSplitter, BatchTradeExtension, PerpetualV2Module, PerpetualV2BasisTradingModule

(consolidated) PDF below

All issues identified in these reports have been addressed by the Index Coop and/or Set Labs teams. While the audits are a thorough investigation of the code’s integrity, please be advised that these audits do not provide a 100% foolproof guarantee that the contracts are free from vulnerabilities.

The same security assumptions and audit coverage for Set Protocol v2 apply to Index Protocol as no changes have been made to the code for Core Contracts, Modules, or Adapters. Any Core Contracts or Modules added to Index Protocol over time will also be audited by security professionals before deployment and published here. Incremental smart contract development is subject to internal unit, integration, and simulation testing before submission to auditors and/or deployment.

Bug Bounty

Both Index Coop and Set Protocol maintain bug bounty programs in order to incentivize hackers to make positive-sum contributions to protocol and product security.

GitHub

All source code for contracts supporting Index Coop products can be found in the following GitHub repositories:

Index Coop’s bug bounty program is live on , where bug hunters and DeFi researchers can win up to $200,000 for helping strengthen the security of Index Protocol. Rewards are distributed according to the impact of the vulnerability based on theImmunefi , a simplified 5-level scale that focuses on the impact of the vulnerability reported. You can find full details on the .

The most current audit reports are also stored in .

Immunifi
Vulnerability Severity Classification System
Immunefi - Index Coop page
IndexCoop / index-protocol
IndexCoop / index-coop-smart-contracts
SetProtocol / set-protocol-v2
SetProtocol / set-v2-strategies
IndexCoop / audits
Index Protocol
Index Update
icUSD Audit Report
PRT Audit Report
DIMv3 Audit Report
Notional x Index Coop Findings & Analysis Report - Code4rena
Set Protocol v2 Audit - OpenZeppelin Security
Index Protocol
Set Protocol v2
4MB
ABDK Index Coop Index Protocol v1.0.pdf
pdf
2MB
ABDK Set Protocol v2 Audits.pdf
pdf
3MB
Iosiro Set Protocol v2 Audits.pdf
pdf