Skip to main content

Threat model

The Depository contract is receiving from users and an allocator can sign messages authorizing the withdrawal of funds from the depository. As such the allocator itself has to be trusted to only sign messages if the user’s intent was successfully filled. The contract is not upgradable, meaning that once deployed, the code cannot be changed.

Audits

The Relay Depository contracts written in Solidity have been audited by Spearbit. At the time the contract was called CreditMaster and you can download the audit reports (Note that the audit includes other contracts as well, such as the vaults contracts). The Relay Depository contracts written in Solana have been audited by Certora and you can find the audit reports.
I