Skip to main content

Security & Audits

Denaria is a Perpetual DEX designed with the objective of having all critical components of the protocol fully onchain, minimizing reliance on trusted offchain infrastructure. This ambitious design choice required a rigorous and security-first approach starting from the earliest stages of protocol design.

All core components of the protocol were designed and implemented from scratch to ensure a coherent, consistent, and fully integrated system aligned with this objective.

Security in Denaria is conceived as a continuous validation process that begins during the ideation and design phases and extends through validation, implementation, and ongoing operation. The purpose of this section is to provide transparency into the security process adopted throughout the development of the protocol.

Security Validation Lifecycle​

  1. Modeling and simulation - A proprietary simulation framework was developed to test the behavior of the financial system, measure performance, and evaluate system behavior under stress conditions. This framework is continuously used to validate economic assumptions, stress-test extreme market scenarios, analyze liquidation flows, and support parameter tuning.
  2. Public incentivized off-chain demo - A public, incentivized interface was released to allow real users to interact with the system logic through an offchain backend that mirrors the logic, enabling real-user validation.
  3. Public incentivized testnet - A public incentivized testnet was launched to validate the protocol’s smart contracts in a live onchain environment, testing execution logic, state transitions, liquidation mechanisms, funding flows, and accounting behavior under real network conditions.
  4. Internal security audits - Two rounds of internal security audits were conducted by an internal auditor who was not involved in the implementation phase, focusing on core protocol logic, mathematical correctness, access control, and potential economic or logical vulnerabilities.
  5. System Invariants - A set of system invariants was defined and analyzed to identify unsafe states or inconsistencies within the protocol, ensuring correct collateral accounting, bounded risk exposure, and solvency across all valid system states. In parallel, continuous simulation and fuzz testing campaigns are run to explore a large number of possible system states and execution paths, validating protocol behavior under extreme and unexpected conditions.
  6. External Security Audits - Two rounds of external security audits were conducted with the Consensys Diligence team. All identified issues were either fully remediated or assessed as not requiring corrective action, and the final audit report summarizes the findings and resolutions. Full Report Here
  7. Fine Tuning -Β  An extensive testing campaign was conducted using the simulation framework and aggregated testing data to calibrate protocol parameters and reach the desired security, stability, and performance standards. Explore the Perp Parameters here: Perp Parameters
  8. Continuous Security & Responsible Disclosure - The protocol is continuously monitored and improved to enhance financial security and system performance, including proactive hack-prevention mechanisms such as invariant-based rules that are enforced and blocked at the sequencer level to prevent invalid or unsafe transactions.

Some Stats About Denaria​

The following stats clearly demonstrate the depth and intensity of the Denaria testing process, validating both the robustness and reliability of the protocol over time.

Demo stats

  • 6,400 traders onboarded, with 4,600 users completed Proof of Personhood verification
  • $3.5B total trading volume, with $2.1B traded in long positions and $1.4B traded in short positions
  • 118,000 total trades
  • 85,000 liquidations recorded

Testnet stats

  • Cumulative 8,700 users onboarded, with 5,900 users completed human verification
  • 133,000 trading positions executed
  • 11,700 positions liquidated by the liquidator

Risk Disclosure​

Despite the rigorous validation, testing, and security review process, interacting with the protocol involves inherent risks. Users are encouraged to carefully review the Risk Disclosure section before interacting with the protocol.