Security
Audit & Contracts
All Denom protocol contracts have been reviewed by Grey Zone Security Review Team. Zero critical or high severity findings. The protocol is safe to use.
Security Audit
Grey Zone Security Review Team
Full protocol security review
Vulnerability Summary
Critical: 0
High: 0
Medium: 1
Low: 2
Informational: 3
Overall Safety Assessment
Safe. No critical or high severity vulnerabilities found. The protocol has 0 issues that could result in loss of user funds. All medium and low findings have been acknowledged and documented. The immutable vault design eliminates entire categories of risk.
Detailed Findings
Withdrawal queue unbounded growth
Finding: The redemption queue array grows indefinitely. While queueHead advances, old entries remain in storage. In extreme scenarios with millions of queued redemptions, gas costs for iteration could increase.
Team response: Acknowledged. The 24h withdrawal cap limits queue growth in practice. A future vault version may implement queue cleanup.
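The cleanup the team response refers to is the standard remedy for a head-indexed queue whose processed entries are never cleared. The contract below is an added illustration written for this page, not Denom's vault code: it assumes a hypothetical `RedemptionQueue` with `enqueue` and `process` functions, keeps requests in a mapping rather than an array, and deletes each slot as the head passes it, so storage tracks the number of pending requests rather than the lifetime total.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical head-indexed redemption queue with cleanup (illustration only;
/// contract and function names are assumptions, not the protocol's own code).
contract RedemptionQueue {
    struct Request {
        address redeemer;
        uint256 amount;
    }

    // A mapping instead of a dynamic array: individual slots can be deleted and
    // there is no ever-growing length field to carry around.
    mapping(uint256 => Request) private requests;
    uint256 public queueHead; // next index to process
    uint256 public queueTail; // next index to write

    event Enqueued(uint256 indexed id, address indexed redeemer, uint256 amount);
    event Processed(uint256 indexed id, address indexed redeemer, uint256 amount);

    /// Append a redemption request and return its position in the queue.
    function enqueue(uint256 amount) external returns (uint256 id) {
        require(amount > 0, "zero amount");
        id = queueTail++;
        requests[id] = Request(msg.sender, amount);
        emit Enqueued(id, msg.sender, amount);
    }

    /// Number of requests still waiting; bounded by the 24h cap in practice.
    function pending() external view returns (uint256) {
        return queueTail - queueHead;
    }

    /// Settle up to `maxItems` requests from the head. `delete` writes each
    /// processed slot back to zero, so storage does not accumulate old entries
    /// and iteration only ever touches the pending range [head, tail).
    function process(uint256 maxItems) external {
        uint256 head = queueHead;
        uint256 end = queueTail;
        if (end - head > maxItems) {
            end = head + maxItems;
        }
        for (; head < end; head++) {
            Request memory r = requests[head];
            delete requests[head];
            // Token settlement for r.redeemer / r.amount would happen here.
            emit Processed(head, r.redeemer, r.amount);
        }
        queueHead = head;
    }
}
```

The `maxItems` bound matters as much as the `delete`: it keeps any single `process` call within a block's gas limit regardless of how many requests are queued, which is the failure mode the finding describes.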
Fee rounding in small redemptions
Finding: For very small BTCD redemptions close to the minimum fee threshold, rounding in the fee calculation may result in slightly higher effective fee rates than 0.01%.
Team response: By design. The minimum fee of 1 BTCD prevents dust attacks and is documented in the protocol specification.
Window reset timing
Finding: The 24h withdrawal window resets based on the first transaction after the window expires, not on a fixed schedule. This means the window length can vary slightly.
Team response: Accepted behavior. Does not affect security or user funds.
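To make the two reset rules concrete, the contracts below are an added example written for this page and are not Denom's vault code. `CappedWindow`, its `cap` and `withdraw` function, and the split into `RollingWindow` (the behaviour the finding describes) and `FixedWindow` (a fixed-schedule alternative) are all assumptions for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Shared 24h-cap accounting (hypothetical; names are assumptions for this example).
abstract contract CappedWindow {
    uint256 public constant WINDOW = 24 hours;
    uint256 public immutable cap;     // maximum amount redeemable per window
    uint256 public windowStart;       // timestamp at which the current window began
    uint256 public withdrawnInWindow; // amount redeemed since windowStart

    constructor(uint256 cap_) {
        cap = cap_;
    }

    /// Each variant decides where the next window starts once the old one expired.
    function _newWindowStart() internal view virtual returns (uint256);

    function _consume(uint256 amount) internal {
        if (block.timestamp >= windowStart + WINDOW) {
            // Old window has expired: open a new one and reset the counter.
            windowStart = _newWindowStart();
            withdrawnInWindow = 0;
        }
        require(withdrawnInWindow + amount <= cap, "24h cap exceeded");
        withdrawnInWindow += amount;
    }

    function withdraw(uint256 amount) external {
        _consume(amount);
        // Token settlement omitted; only the cap bookkeeping is shown.
    }
}

/// The behaviour in the finding: the new window starts at the first transaction
/// after expiry. Any idle gap between expiry and that transaction is absorbed,
/// so consecutive window starts are not exactly 24h apart.
contract RollingWindow is CappedWindow {
    constructor(uint256 cap_) CappedWindow(cap_) {}

    function _newWindowStart() internal view override returns (uint256) {
        return block.timestamp;
    }
}

/// Fixed-schedule alternative: windows are aligned to UTC-day boundaries, so
/// every window is exactly 24h long and the reset time is predictable for users
/// and for monitoring, independent of when the triggering transaction lands.
contract FixedWindow is CappedWindow {
    constructor(uint256 cap_) CappedWindow(cap_) {}

    function _newWindowStart() internal view override returns (uint256) {
        return block.timestamp - (block.timestamp % WINDOW);
    }
}
```

Both variants enforce the same per-window cap; the difference is only whether the window boundary is anchored to activity or to the clock, which is why the team classifies the rolling behaviour as accepted rather than a security issue.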
Fee collection mints new tokens
Finding: The collectFees() function mints new BTCD/ETHD to the DAO treasury rather than transferring from reserves. This slightly increases total supply over time.
Team response: By design. Fees are burned from the redeemer and re-minted to the treasury to keep accounting clean.
No emergency pause on core contracts
Finding: The BTCD and ETHD vault contracts have no pause functionality. If a vulnerability is discovered, there is no way to stop minting or redeeming.
Team response: This is an intentional design choice. Immutability and the absence of admin controls are the core safety guarantee of the protocol.
cbBTC centralization dependency
Finding: The BTCD vault depends on cbBTC, which is issued by Coinbase, a centralized entity. If Coinbase freezes the cbBTC held in the vault, redemptions would be blocked.
Team response: Acknowledged and documented on the website. The team has committed to migrating to a more decentralized BTC wrapper when available.
Audited Contracts
DenomBTCD ($BTCD): Immutable Vault
DenomETHD ($ETHD): Immutable Vault
DenomDNM ($DNM): Governance Token
DenomClaim: Fee Claims
DenomGovernor: Governance
Security Properties
Immutable vaults: BTCD and ETHD vault contracts cannot be modified, paused, or upgraded after deployment.
No admin keys: No owner functions, no multisig overrides, no backdoors on core contracts.
No oracle dependency: Fixed ratios eliminate price feed manipulation risk entirely.
No liquidation engine: Re-denominating, not borrowing. No flash loan liquidation attacks.
0% collateral utilization: Deposited cbBTC and WETH are never lent, staked, or rehypothecated.
Verified on-chain: All contract source code is verified on BaseScan for public audit.