# Audits ## **Security is Our Top Priority** Smart contract risk is highly prevalent among DeFi protocols. One of Usual’s top priorities is to mitigate and reduce the potential risk from the underlying Usual smart contracts by conducting in-depth audits aimed at identifying potential vulnerabilities, logical errors, or inefficiencies and further by conducting continuous security monitoring of the smart contracts. The audits are conducted by leading industry experts and will be used to enhance trust through proper risk and security management on the smart contracts. Please find below the chronological overview of our completed audits. ## **May 2024** ### **Auditor** [Cantina](https://cantina.xyz/welcome) * Lead Security Researcher: xmxanuel * Security Researcher: deadroses * Associate Security Researcher: jonatas ### **Scope** * Codebase Simplification: Replacing the "mint engine" with the "swap engine" * Cantina Managed Audit Phase 1: Permissioned launch smart contracts audit * Cantina Managed Audit Phase 2: Permissionless launch smart contracts audit {% file src="" %} Spearbit Cantina Report for Permissionless launch {% endfile %} {% file src="" %} Spearbit Cantina Report for Permissionless launch {% endfile %} ## **June 2024** ### **Auditor** [Cantina](https://cantina.xyz/welcome) ### **Scope** * Public security competition managed by Cantina on the same scope that audited in May 2024 * Link: [Public Competition & Bug Bounty Program](https://cantina.xyz/competitions/31a752e3-8ece-49b3-a9ee-d7294c659340) {% file src="" %} Pegasus Audit Competition run by Cantina {% endfile %} ## October 2024 ### Auditor [Paladin](https://paladinsec.co/) ### Scope * L2 Token contracts * OFT MintAndBurnAdapter * L1 OFT Adapter * Link: [L2 Tokens & Adapter Audit](https://paladinsec.co/projects/usual/) {% file src="" %} L2 Token Audit conducted by Paladin {% endfile %} ## November 2024 ### Auditors [Cantina](https://cantina.xyz/welcome) * Lead Security Researcher: deadroses * Lead Security Researcher: xmxanuel * Security Researcher: Phaze * Associate Security Researcher: Chinmay Farkya [Halborn](https://www.halborn.com/) [Sherlock](https://www.sherlock.xyz/) (public audit competition) ### Scope V1 contract upgrades & additions covering: * bUSD0 (formerly USD0++) * DAO Collateral * SwapperEngine * USUAL * USUALS * USUALSP * USUAL distribution * USUAL Airdrop * USUALx {% file src="" %} Spearbit Cantina Report for Usual Pegasus Phase 1 {% endfile %} {% file src="" %} {% file src="" %} Halborn Usual V1 {% endfile %} {% file src="" %} Sherlock - Usual V1 Audit Competition Report.pdf {% endfile %} ## December 2024 ### Auditors Blackthorne [Cantina](https://cantina.xyz/welcome) ### Scope * WrappedM aka UsualM * bUSD0 (formerly USD0++) unwrap with Cap for vault strategies * USUALx {% file src="" %} Blackthorn Audit Report - WrappedM {% endfile %} {% file src="" %} Spearbit Cantina Report for UsualM extension {% endfile %} {% file src="" %} Spearbit Cantina Report for USD0pp adjustments {% endfile %} ## January 2025 ### Auditors
[Spearbit](https://cantina.xyz/portfolio/51ba92e3-1c77-4e55-be3f-b43b529fd38b) ### Scope * Claim Redirect * Fee sweep via DistributionModule * USUALx adjustment for fee sweep * bUSD0 (formerly USD0++) adjustment for fee sweep {% file src="" %} Spearbit - Audit Report on Redirect & Fee Sweep {% endfile %} ## February 2025 ### Auditors [Sherlock](https://www.sherlock.xyz/)\ \ [Spearbit](https://spearbit.com/) ### Scope * Euler USL vault and oracle * Usual USL Economic Risk Assessment * UsualUSDtb * Yield Module {% file src="" %} Sherlock - Audit Report on USL on Euler {% endfile %} {% file src="" %} Spearbit - Audit Report on USL on Euler {% endfile %} {% file src="" %} OAK Security - Usual USL Economic Risk Assessment {% endfile %} {% file src="" %} Sherlock - Audit Report on UsualUSDtb {% endfile %} {% file src="" %} Spearbit - Audit Report on Yield Module {% endfile %} For more detailed information on our security measures or to report a potential vulnerability, please contact our security team at . ## March 2025 ### Auditors [Sherlock](https://www.sherlock.xyz/)\ \ [Spearbit](https://spearbit.com/) ### Scope * Usual bUSD0 (formerly USD0++) Investment Vault * Coherent Audit competition on overall protocol {% file src="" %} Spearbit - Usual bUSD0 (formerly USD0++) Investment Vault {% endfile %} {% file src="" %} Sherlock - Usual Labs Public Audit Contest {% endfile %} {% file src="" %} Halborn - bUSD0 (formerly USD0++) Investment vault {% endfile %} ## May 2025 ### Auditors [Hexens](https://hexens.io/) [Halborn](https://www.halborn.com/audits) [Sherlock](https://www.sherlock.xyz/)\ \ [Spearbit](https://spearbit.com/) ### Scope * ETH0 Protocol * ETH0 Zapper Contract * USUALX Lockup Contract {% file src="" %} {% file src="" %} Sherlock - Audit report on ETH0 Zapper contract {% endfile %} {% file src="" %} Hexens - Audit report on UsualX Lockup Contract {% endfile %} {% file src="" %} Halborn - Audit report on UsualX Lockup Contract {% endfile %} ## July 2025 ### Auditors [Sherlock](https://www.sherlock.xyz/) [Spearbit](https://spearbit.com/) ### Scope * bUSD0 (formerly USD0++) Upgrade (Updating Burn Redemption Mechanism) * Sync Vault remediation * Usual USDC {% file src="" %} Sherlock - Audit report on bUSD0 (formerly USD0++) upgrade (Burn Redemption Mechanism) {% file src="" %} {% file src="" %} ## October 2025 ### Auditors [Sherlock](https://www.sherlock.xyz/) ### Scope * EUR0 {% file src="" %} ## November 2025 ### Auditors [Hexens](https://hexens.io/) [Halborn](https://www.halborn.com/audits) [Sherlock](https://www.sherlock.xyz/) ### Scope * sUSD0 * sEUR0 * RDM (Revenue Distribution Module) * USD0a Protocol * bUSD0 (formerly USD0++) Upgrade {% file src="" %} {% file src="" %} {% file src="" %} {% file src="" %} {% file src="" %} {% file src="" %}