Security

Audits

THENA V1 has been audited by PeckShield. THENA V2 has been audited by OpenZeppelin. THENA is protected by Aegis from Lossless.

THENA was originally adapted from Velodrome codebase, which is directly derived from the Solidly smart contracts that have been open sourced in March 2022. The AMM part of Solidly has been audited by PeckShield that revealed 5 low-severity and 1 informal findings. There have been no security-related incidents involving Solidly smart contracts since their deployment on Fantom in February 2022.

The Velodrome codebase went through a security audit and a peer review as part of a Code4rena bug bounty contest. All high or medium risk issues were either resolved pre-deployment, except for one known issue (users can claim eligible rewards from ExternalBribe contracts more than once) that has been addressed via a wrapped contract solution.

Ongoing Bug Bounty

We have launched a bug bounty program together with Immunefi. The maximum bounty is set at $150,000. The bug bounty has been temporarily discontinued.

Multisig

All transactions will have to go through a multisig.

• Setup: 4/6 signers needed for a transaction, 3 from THENA, 3 publicly known entities from Ankr, GrizzlyFi, and DEUS Finance (0x7d70ee3774325c51e021af1f7987c214d2caa184)

• Timelock: 12 hours (0x5d7deb17be6c6243d6d65205b5293edceb676561)