Pre-Audit Review

The three evently contracts have been scanned with AI-powered security tools, following the methodology from z0r0z/majeur.

Full reports with per-finding review notes are in /audit on GitHub.


Contracts Reviewed

| Contract | Version | Address |
| --- | --- | --- |
| EventlyProfiles.sol | v1.3 | 0x9F0708145BCCD1F5B16F610cB8a75A63fA4A9a24 |
| evently.sol | v5.4 | 0x051B5a8B20F3e49E073Cf7A37F4fE2e5117Af3b6 |
| EventlyMarketsV3.sol | v3.0 (LMSR) | TBD (pending deployment) |


AI Tool Scan Results

| Auditor | Type | Findings | Report |
| --- | --- | --- | --- |
| | 3-round AI audit | 1 Medium, 4 Low, 1 Info — no production blockers | |
| | 3-round AI audit | 2 High, 2 Medium, 1 Low — findings documented | |
| | 3-round AI audit | 1 Critical, 1 High, 2 Medium, 2 Low — production blockers identified | |
| | 3-round AI audit | 1 High, 3 Medium, 4 Low — findings documented | |
| | 3-round AI audit | 1 High, 1 Medium, 1 Low, 1 Info — findings documented | |
| | 3-round AI audit | 1 Critical, 1 High, 2 Medium, 1 Low, 2 Info — findings documented | |
| | 3-round AI audit | 1 Critical, 1 High, 3 Medium, 1 Low — findings documented | |

Additional tool scans (Slither, Aderyn, Semgrep, Halmos, Echidna, Medusa, Foundry, and cloud tools) are in progress. Reports will be added as they are completed.


Cross-Tool Finding Consensus

The following findings were surfaced by multiple independent tools — highest confidence:

| Finding | Tools | Severity consensus | Status |
| --- | --- | --- | --- |
| Order book griefing — no cap on sell orders per option | Claude, multiple | Medium | Fixed — MAX_ORDERS_PER_BOOK = 200 |
| claimCancelRefund insolvency — double-counted burned shares | Multiple | Critical | Fixed — pre-burn snapshot |
| _endGame() address(0) winner edge case | Claude, Perplexity | Medium | Fixed in v5.4 |
| Username case-sensitivity inconsistency | Claude, ChatGPT, Grok, Perplexity, Gemini | Low–Medium | Fixed in v1.3 |
| On-chain randomness _shouldEnd() | All tools | Medium | By design (VRF roadmap) |
| allPlayers[] unbounded array | All tools | Low | Acknowledged |


Finding Severity Summary (consolidated)

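| Severity | Count | Fixed | False positive | By design / Acknowledged |
| --- | --- | --- | --- | --- |
| Critical | 4 | 2 | 2 | 0 |
| High | 4 | 3 | 0 | 1 |
| Medium | 8 | 4 | 0 | 4 |
| Low | 7 | 1 | 0 | 6 |
| Informational | 5 | 0 | 0 | 5 |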


Fix Log

| ID | Finding | Severity | Tool(s) | Status |
| --- | --- | --- | --- | --- |
| F-01 | setAuthorizedCaller always set true | Critical | Multiple | Fixed in v1.3 |
| F-02 | claimCancelRefund double-counted burned shares | Critical | Multiple | Fixed |
| F-03 | Multi-option AMM sell broke invariant | High | Multiple | Superseded — LMSR replaces CPMM |
| A-03 | Order book no cap — O(n) DoS on buyShares | Medium | Claude | Fixed — MAX_ORDERS_PER_BOOK = 200 |
| F-05 | clickFree did not update lastClicker | High | Multiple | Fixed in v5.4 |
| F-12 | Treasury hard-revert in _processClick | Low | Multiple | Fixed in v5.4 |
| F-04 | Redemption rounding favours early redeemers | High | Multiple | N/A — LMSR fixed-payout model |
| F-07 | Virtual pool underflow on extreme buys | Medium | Multiple | N/A — LMSR replaces virtual pools |
