Skip to content

Security: skew-labs/skew

Security

SECURITY.md

Security Policy

If you believe you have found a vulnerability that puts user funds at risk on a future mainnet deployment, do not file a public issue.

Reporting a vulnerability

Severity Disclosure channel Triage SLA
Critical — funds extractable, mainnet TVL at risk Private email: security@skew.fi (PGP optional) 24h
High — devnet exploit possible, clear path to mainnet escalation Private GitHub security advisory: https://github.com/skew-labs/skew/security/advisories/new 48h
Medium / Low — operational issue with no fund risk Public issue with security label best-effort

When in doubt about severity, default to private disclosure.

In scope

On-chain (highest priority)

  • Anchor program (skew/skew-master, 97 instructions / 79 events / 129 error variants in the current Anchor IDL) — every instruction handler, PDA layout, scenario-grid math, ConvexHullIM closed-form 2-dim / 5-dim SSVI / 25-dim ICC margin solvers, Boundary-Aware IM floor, Hamilton 2-state regime gating, Verified-tier monotonicity invariant, Lyapunov gating on partial liquidations, default-waterfall ordering (6-tier cascade + out-of-cascade ADL + Clawback + conditional orders / escrow-aware RFQ auctions / 32-leg combo intent v2), oracle staleness gates, ed25519 RFQ quote digest verification, settlement payoff functions, governance multisig + timelock.
  • Specific instruction surfaces of interest:
    • create_option / deposit_collateral — collateral lock, max-loss bound check
    • buy_option — premium routing, fee accumulator (v5.1 cascading dispatch)
    • settle / close_expired / expire_abandoned — Pyth read, payoff routing, grace window
    • register_clearing_member / cm_add_collateral / cm_withdraw_collateral — CM accounting, free-collateral computation, 24h withdrawal rate-limit
    • upgrade_tier / downgrade_tier — 4-rung ladder dispatch, lockup-collateral float check, 30-day continuous-capital window
    • calculate_margin / call_variation_marginpm_engine closed-form scenario scan, tier monotonicity floor
    • liquidate / default_waterfall_drain / adl_step / clawback_step — Dutch auction (1.5% → 5% over roughly 90 seconds), 6-tier cascade ordering (Tier-0..Tier-5), out-of-cascade ADL priority + 50% per-CM cap, pro-rata clawback share. ADL/Clawback are SKEW_AUTHORITY-gated.
    • atomic_fill_from_relay — ed25519 sibling-instruction verification, payload-digest binding
    • init_isolated_vault / deposit_isolated / withdraw_isolated — locked-funds invariant, vault drain ordering on settle/liquidate
    • register_combo_intent / cancel_combo_intent / finalize_combo_intent — multi-leg escrow, leg-spec pinning, residual refund
    • update_dvol — authority-gated DVOL crank
    • replenish_if_from_fees — SKEW_AUTHORITY-only capped skim FeeAccumulator → IF
    • governance_propose / governance_execute — Squads-style threshold + timelock

Off-chain (lower priority — no fund custody)

  • Relay (skew/skew-relay) — atomic-fill assembly, ed25519 verification, payload-digest construction. The relay never signs on behalf of users; it only routes already-signed payloads.
  • SDK (@skew-labs/sdk) — methods that sign and submit transactions. PDA derivation correctness.
  • MCP server (@skew-labs/mcp) — tool argument validation, output allowlist filtering.
  • Pricing engine (skew/skew-pricing) — input validation. Note: pricing output is advisory; on-chain settlement does not read it.
  • Indexer + webhooks (skew/skew-indexer) — Helius webhook HMAC verification.

Out of scope (for bounty)

  • Frontend XSS / clickjacking unless it leads to a wallet-signing exploit
  • Rate-limiting bypass on read-only endpoints
  • DoS via Solana program rate limits (compute units, account size)
  • Devnet-only race conditions that don't survive mainnet program semantics
  • Upstream issues in Phantom, Helius, Pyth, or Squads
  • Off-chain pricing output being economically suboptimal (it's advisory by design)

Pre-mainnet validation gates

The following must all be green before any mainnet deployment proposal is accepted:

Gate Status
External audit by Solana-experienced firm (full anchor program scope) Pending
Bug bounty live for ≥ 30 days post-audit Pending
Squads 3-of-5 multisig configured with the production member set Pending
24-hour timelock active on every governance-mutating instruction ✅ on devnet
Insurance-fund tier balances seeded to mainnet target sizes Pending
End-to-end mainnet rehearsal on a parallel program ID, all five core flows passing Pending
mainnet-promotion-checklist.md signed off by founder Pending

The protocol is on devnet only until every row above is checked.

When reporting, include

  1. Affected component + commit SHA
  2. Proof of concept — minimal repro on devnet preferred (mainnet not required)
  3. Attack scenario — who runs the exploit, what they extract, lower-bound TVL impact
  4. Recommended fix — your suggestion, if you have one
  5. Disclosure timeline — when you'd like the fix shipped, plus credit preference

What we do

  1. 24–48h triage depending on severity
  2. Reproduce the PoC on a fresh checkout
  3. Coordinate disclosure — 30-day standard, extendable if upstream patches are needed
  4. Patch + redeploy with Squads multisig timelock for state-mutating fixes
  5. Credit + reward for confirmed disclosures, with placement in the post-audit hall of fame

Defenses already in the code

These are the structural defenses that already live in the on-chain program. A working exploit must defeat one of them, not assume one isn't there:

Defense Where it lives
Boundary-Aware initial-margin floor (max(IM_scenario, M − V_0)) compute_im in the margin engine
Lyapunov gating on partial liquidations liquidate handler
equity / IM ≥ 1.10 precondition for CM withdrawals cm_withdraw_collateral
Self-liquidation forbidden (caller != owner) liquidate handler entry
Pyth confidence > 1% routes to admin-settle dispute settle
Pyth staleness > threshold routes to single-venue DEX TWAP settle
Atomic RFQ requires ed25519 sibling instructions for both buyer and CM, validated against the canonical 100-byte payload digest atomic_fill_from_relay
Governance instructions are structured for Squads 3-of-5 + 24-hour timelock before mainnet handoff governance_execute
Per-tier IF concentration cap (TIER_CONCENTRATION_BPS = [300, 300, 400, 500] — 3% Standard / 3% Silver / 4% Gold / 5% Platinum) cm_add_collateral + atomic_fill_from_relay precondition
Verified-tier monotonicity invariant (IM_Standard ≥ IM_Silver ≥ IM_Gold ≥ IM_Platinum) calculate_margin dispatch (tier_candidate.min(standard_im))
50% ADL clawback ceiling on winner profit default_waterfall_drain

The full structural risk-model writeup lives in docs/risk-model.md. Design alternatives explored and rejected are in docs/design-decisions.md.

Audit history

Auditor Scope Status
TBD Pre-mainnet full program Pending

Pre-audit, this codebase is devnet only.

There aren't any published security advisories