search

Smart Contract Audits

Alvara Protocol's smart contracts have been independently audited by three security firms: CertiK, QuillAudits, and Adevar Labs.

hashtag
Completed Audits

hashtag
CertiK — Staking & BSKT Contracts

Full security assessment of the staking platform and BSKT core contracts, covering BSKT.sol, Factory.sol, and BSKTPair.sol. Methods included formal verification, manual review, and static analysis.

Auditor: CertiKarrow-up-right Date: June 12, 2025 Scope: Staking, BSKT Factory, BSKT, BSKTPair (EVM Compatible) Findings: 18 total — 14 resolved, 4 acknowledged. 1 critical (resolved), 2 major (1 resolved, 1 acknowledged), 4 medium (all resolved), 8 minor (6 resolved, 2 acknowledged), 2 informational (all resolved). Report: CertiK Audit Report (PDF)arrow-up-right

hashtag
QuillAudits — BSKT Factory & BSKT Contracts

The core BSKT creation and management contracts have been audited. This covers the factory contract, basket token logic, deposit/redemption mechanics, and rebalancing functionality.

Auditor: QuillAuditsarrow-up-right Report: BSKT Factory Audit Report (PDF)arrow-up-right

hashtag
QuillAudits — Staking Contract

The ALVA staking contract (time locks, forever locks, veALVA calculation, reward distribution) has been audited.

Auditor: QuillAuditsarrow-up-right Report: Staking Audit Report (PDF)arrow-up-right

hashtag
QuillAudits — ALVA Token (Avalanche)

The ALVA token deployment on Avalanche C-Chain has been audited.

Auditor: QuillAuditsarrow-up-right Report: ALVA Token AVAX Audit Report (PDF)arrow-up-right

hashtag
Adevar Labs — 1inch Integration (After Fix Review)

Security assessment focused on the 1inch swap integration, covering BSKT.sol, Factory.sol, BSKTPair.sol, and BSKTUtils.sol. Reviewed partial-fill handling, LP token accounting, fee calculation logic, and ETH recovery mechanisms.

Auditor: Adevar Labsarrow-up-right Date: January 29, 2026 Scope: 1inch integration — BSKT, Factory, BSKTPair, BSKTUtils contracts Findings: 6 total — 3 high (2 resolved, 1 partially resolved), 2 medium (2 partially resolved), 1 low (resolved). 2 enhancement opportunities noted. Report: Adevar Labs 1inch Integration Audit Report (PDF)arrow-up-right

hashtag
Audit Scope

The audits collectively cover:

  • Smart contract logic and correctness

  • Access control and permission models

  • Reentrancy and common vulnerability checks

  • Flashloan and price manipulation vectors

  • Economic attack vectors (inflation, reserve manipulation)

  • Centralization risks

  • Gas optimization

hashtag
Important Note

Audits reduce risk but do not eliminate it. Smart contracts are complex software and may contain undiscovered vulnerabilities. All interactions with Alvara Protocol carry inherent smart contract risk. See Risk Disclosures for more information.

PreviousERC-7621 StandardNextMEV Protection

Last updated