Audit Reports
Paimon Finance is committed to security and transparency. All smart contracts undergo rigorous third-party security audits before deployment.
Smart Contract Audits
The Prime Vault contracts (PPT, RedemptionManager, AssetController, RedemptionVoucher, PPTTypes, IPPTContracts) have undergone two independent third-party audits. Both reports are published in full above.
CertiK Audit Summary
Audit Details:
Type: Vault
Ecosystem: EVM Compatible
Methods: Manual Review, Static Analysis
Language: Solidity
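Findings Overview:
Severity | Total | Resolved | Acknowledged
--- | --- | --- | ---
Critical | 0 | - | -
Major | 2 | 2 | 0
Medium | 11 | 11 | 0
Minor | 18 | 17 | 1
Informational | 1 | 1 | 0
Centralization | 1 | 0 | 1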
Total Findings: 33 | Resolved: 31 | Acknowledged: 2
SlowMist Audit Summary
Audit Details:
Type: Smart-contract security audit (Paimon BSC contracts — PPT scope)
Ecosystem: BNB Smart Chain (EVM compatible)
Methods: Manual review + static analysis
Language: Solidity
For the full list of findings, severity distribution, remediation status and re-test results, refer to the published PDF report linked above.
Audited Contracts (Prime Vault scope)
AssetController.sol
PPT.sol (deployed as PP symbol)
PPTTypes.sol
RedemptionManager.sol
RedemptionVoucher.sol
IPPTContracts.sol
Pre-IPO / Compliance Layer (External Audit Pending)
The Prime Vault scope above is covered by two independent external audits (CertiK + SlowMist). The remaining production contracts have not yet completed external audit:
EIP-3643 contract suite — EIP3643Token, ShadowERC20, TokenBridge, KYCAggregator, SimpleKYCProvider
Launchpad / Points / Badge — LaunchpadDrop, LaunchpadSettlement, PaimonTreasury, PaimonBadge, PointsHubV2, StakingModule, LPStakingModule, PointsRedemption
These contracts are deployed on BSC mainnet and have been internally reviewed. External audit reports for this scope will be published as they are completed.
Ongoing Security
Continuous monitoring of deployed contracts via the operational backend's event ingestion pipeline (redundant transports with gap recovery)
Bug bounty program (coming soon)
UUPS upgrade authority gated by multisig + timelock for every proxy
Regular security reviews for contract upgrades