Index Coop Docs
Search
K

Security

Index Coop products are built on either Set Protocol v2 or Index Protocol (a good-faith fork of Set Protocol v2). The security of both systems is of the utmost importance to the DAO and we recognize the complexity, difficulty, and responsibility of maintaining and evolving a value-bearing protocol. Therefore, Set Labs and Index Coop have made considerable efforts to ensure both systems have been reviewed by top independent security firms and that every line of code is heavily scrutinized.

Audits

The following audits for Set Protocol v2 and Index Protocol have been conducted and published by independent security firms:
Auditor
Coverage
Link
Sherlock
AaveLeverageStrategyExtension, AaveV3LeverageStrategyExtension, BaseManagerV2, Controller, IntegrationRegistry, SetToken, SetTokenCreator, AaveV3LeverageModule, AirdropModule, AmmModule, ClaimModule, DebtIssuanceModule, DebtIssuanceModuleV2, StreamingFeeModule, TradeModule, WrapModuleV2, BasicIssuanceModule, AuctionRebalanceModuleV1, BoundedStepwiseExponentialPriceAdapter, BoundedStepwiseLinearPriceAdapter, BoundedStepwiseLogarithmicPriceAdapter, ConstantPriceAdapter
OpenZeppelin
BasicIssuanceModule, PriceOracle, InvokeLib, Controller, SetToken, StreamingFeeModule, IntegrationRegistry, PositionLib, PreciseUnitMath, AddressArrayUtils, SetTokenCreator, ISetToken, ExplicitERC20, ModuleBase, IOracle, IOracleAdapter, IController, IManagerIssuanceHook
ABDK
BasicIssuanceModule, PriceOracle, InvokeLib, Controller, SetToken, StreamingFeeModule, IntegrationRegistry, PositionLib, PreciseUnitMath, AddressArrayUtils, SetTokenCreator, ISetToken, ExplicitERC20, ModuleBase, IModuleBase, IOracle, IOracleAdapter, IController, IDepositor, IManagerIssuanceHook, WrapModule, TradeModule, CompoundLeverageModule, AaveV3LeverageModule,AaveV3LeverageStrategyExtension
(consolidated) PDFs below
Iosiro
GeneralIndexModule, DebtIssuanceModuleV2, AaveLeverageModule, AMMSplitter, BatchTradeExtension, PerpetualV2Module, PerpetualV2BasisTradingModule
(consolidated) PDF below
Code4rena
NotionalTradeModule, NotionalWrappedfCash
ABDK Index Coop Index Protocol v1.0.pdf
4MB
PDF
ABDK Set Protocol v2 Audits.pdf
2MB
PDF
Iosiro Set Protocol v2 Audits.pdf
3MB
PDF
All issues identified in these reports have been addressed by the Index Coop and/or Set Labs teams. While the audits are a thorough investigation of the code’s integrity, please be advised that these audits do not provide a 100% foolproof guarantee that the contracts are free from vulnerabilities.
The same security assumptions and audit coverage for Set Protocol v2 apply to Index Protocol as no changes have been made to the code for Core Contracts, Modules, or Adapters. Any Core Contracts or Modules added to Index Protocol over time will also be audited by security professionals before deployment and published here. Incremental smart contract development is subject to internal unit, integration, and simulation testing before submission to auditors and/or deployment.

Bug Bounty

Both Index Coop and Set Protocol maintain bug bounty programs in order to incentivize hackers to make positive-sum contributions to protocol and product security.
Index Coop’s bug bounty program is live on Immunifi, where bug hunters and DeFi researchers can win up to $200,000 for helping strengthen the security of Index Protocol. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System, a simplified 5-level scale that focuses on the impact of the vulnerability reported. You can find full details on the Immunefi - Index Coop page.

GitHub

All source code for contracts supporting Index Coop products can be found in the following GitHub repositories: