Consolidated AI Audit
Last updated: March 2026 — v3.2 audit fixes applied (GROK-M01, GPT-R3-3, GROK-L02, QWEN-I03)
Contracts: evently.sol v5.4 · EventlyProfiles.sol v1.3 · EventlyMarketsV3.sol v3.2 (LMSR b=200 + CLOB bids/asks)
Chain: MegaETH (Chain ID 4326) — Solidity ^0.8.20
Audit Overview
All three evently smart contracts underwent multi-round security review using 7 AI audit engines. Each AI performed a 3-round systematic audit: vulnerability scanning, economic analysis, and triage with fix recommendations.
Claude Opus 4.6 | v5.4 · v1.3 · V3 LMSR+CLOB | 6 | 0 | 0 | 1 | 4 | 1
GPT-4o | v5.4 · v1.3 · V3 LMSR+CLOB | 13 | 2 | 4 | 5 | 0 | 2
Gemini 1.5 Pro | v5.4 · v1.3 · V3 LMSR+CLOB | 9 | 1 | 2 | 2 | 2 | 2
Grok (xAI) | v5.4 · v1.3 · V3 LMSR+CLOB | 6 | 0 | 0 | 1 | 2 | 3
DeepSeek R1 | v5.4 · v1.3 · V3 LMSR+CLOB | 7 | 0 | 1 | 2 | 2 | 2
Qwen3.5 | v5.4 · v1.3 · V3 LMSR+CLOB | 4 | 0 | 0 | 0 | 1 | 3
Perplexity | v5.4 · v1.3 · V3 LMSR+CLOB | — | — | — | — | — | —
Cross-Tool Finding Consensus
The following findings were surfaced by multiple independent tools — highest confidence:
Missing nonReentrant on resolveMarket / cancelMarket / slashMarket | Claude, DeepSeek, Qwen, Gemini | Low | Resolved — nonReentrant added (L-01)
Dead CLOB entries can block new orders after cancellation | DeepSeek, GPT-4o | High | Resolved — _cleanBook in cancelOrder (F-DS-M02)
optionSupply not updated on peer ERC-1155 transfers | Claude, GPT-4o | Low–Medium | Acknowledged — by design, math correct
subsidyDeposited locked on market cancellation | Grok, DeepSeek | Medium | Resolved — included in claimCancelRefund pool (GROK-M01)
slashMarket cannot handle Disputed status — dispute collateral stuck | GPT-4o, Gemini | Medium | Resolved — Disputed added to slashMarket (GPT-R3-3)
View functions return silent zeros for nonexistent marketId | Grok | Low | Resolved — createdAt != 0 guard added (GROK-L02)
closeBetting emits no event | Qwen, Gemini | Info | Resolved — BettingClosed event added (QWEN-I03)
Outdated NatSpec (CPMM references, P2P sell-only description) | Grok | Info | Resolved — NatSpec updated to LMSR + CLOB
LMSR exp() overflow threshold at q/b ≈ 133 | Qwen, GPT-4o | Info | Acknowledged — cap enforced, documented
quoteBuy binary search conservative flooring | Claude, Grok, DeepSeek | Low | Acknowledged — < 0.001 share impact
Creator front-runs settleDispute to claim fees before slash | GPT-4o | High | Resolved — Finalized guard on claimCreatorFees (R2-2)
Consolidated Findings & Status
Must Fix Before Deployment
No remaining open blockers.
Previously Fixed (Confirmed by All Tools)
F-01 | Critical | EventlyProfiles | setAuthorizedCaller always set true | Fixed in v1.3
F-02 | Critical | EventlyMarketsV3 | claimCancelRefund double-counted burned shares | Resolved
A-03 | Medium | EventlyMarketsV3 | Order book no cap — O(n) DoS on buy | Resolved — MAX_ORDERS_PER_BOOK = 200
F-05 | High | evently | clickFree did not update lastClicker | Fixed in v5.4
F-12 | Low | evently | Treasury hard-revert in _processClick | Fixed in v5.4
F-DS-M02 | High | EventlyMarketsV3 | Dead CLOB entries permanently block new orders | Resolved — _cleanBook called in cancelOrder
R2-2 | High | EventlyMarketsV3 | Creator front-runs dispute to claim fees before slash | Resolved — claimCreatorFees requires Finalized
L-01 | Low | EventlyMarketsV3 | resolveMarket, cancelMarket, slashMarket lacked nonReentrant | Resolved — nonReentrant added
GROK-M01 | Medium | EventlyMarketsV3 | subsidyDeposited permanently locked on cancel/slash | Resolved — included in claimCancelRefund effective pool
GPT-R3-3 | Medium | EventlyMarketsV3 | slashMarket couldn't handle Disputed status — 50 USDm stuck | Resolved — Disputed added; dispute collateral swept to treasury
GROK-L02 | Low | EventlyMarketsV3 | View functions silently returned zeros for nonexistent markets | Resolved — createdAt != 0 guard on all views
QWEN-I03 | Info | EventlyMarketsV3 | closeBetting emitted no event | Resolved — BettingClosed event added
G-I01 | Info | EventlyMarketsV3 | Outdated NatSpec — CPMM/P2P references | Resolved — NatSpec updated
Acknowledged — By Design
A-01 | Low | EventlyMarketsV3 | quoteSell rounding loss near MIN_TRADE | ~0.1% max, acceptable
A-02 | Low | EventlyMarketsV3 | optionSupply not updated on peer transfers | Tracks total minted; math correct
A-04 | Low | EventlyMarketsV3 | settleDispute creator collateral accounting | Logic correct
A-05 | Low | EventlyMarketsV3 | _cancelAllOrders unbounded gas | Low risk on MegaETH
A-06 | Info | EventlyMarketsV3 | Empty ERC-1155 URI | URI added pre-deployment
Q-I03 | Info | EventlyMarketsV3 | whitelistedCount never read on-chain | Informational only
Disputed / False Positives
GPT-R2-1 | GPT-4o | "LMSR pool + subsidy may not cover max winning payout" | False positive — LMSR solvency is mathematically guaranteed: poolBalance + subsidyDeposited = C(q) ≥ q_winner. Proven formally in Claude audit.
GPT-R3-1 | GPT-4o | "optionSupply desync causes over-refunds on cancel" | Partially false — claimCancelRefund uses optionSupply, which IS updated on burn. Peer transfers don't affect cancel refund math.
GEM-C01 | Gemini | "P2P shares create insolvency gap" | Not applicable — P2P replaced by CLOB. CLOB fills use escrowed shares (SELL) or escrowed USDm (BUY); AMM fills mint new shares backed by net USDm. No insolvency gap.
Architecture Change: P2P → CLOB
EventlyMarketsV3 has been migrated from a P2P sell-only order book to a full Central Limit Order Book (CLOB) with bids and asks:
Order types | SELL only | BUY and SELL
Matching | Manual (buyer calls buyShares) | Automatic on placeOrder
Price priority | Ascending ask price | Price-time priority (best price, FIFO)
Dead entry cleanup | On buyShares only | Immediately on cancelOrder (F-DS-M02 fix)
AMM integration | AMM fallback after P2P fills | AMM fallback for unmatched BUY budget
Liquidity source | Sellers + AMM | Bidders + Askers + AMM (LMSR)
The LMSR AMM is retained as market maker of last resort, providing baseline liquidity independent of CLOB depth. This is the recommended design for projects with early-stage volume.
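The cleanup change described above (and the F-DS-M02 finding) can be seen in a small model. This is an added example, not code from the audited contracts: the AskBook class and its method names are hypothetical, prices and share counts are constructed, and it assumes dead entries count against MAX_ORDERS_PER_BOOK until they are removed.

```python
MAX_ORDERS_PER_BOOK = 200  # cap named on the page (A-03 fix)

class AskBook:
    """Toy model of the ask side of a CLOB (constructed, not the contract's code)."""
    def __init__(self, clean_on_cancel):
        self.clean_on_cancel = clean_on_cancel  # True models the F-DS-M02 fix
        self.entries = []  # (price, seq, order_id), kept sorted
        self.live = {}     # order_id -> shares still for sale
        self.seq = 0

    def place(self, order_id, price, shares):
        if len(self.entries) >= MAX_ORDERS_PER_BOOK:
            return False  # the contract would revert here
        self.seq += 1
        self.entries.append((price, self.seq, order_id))
        self.entries.sort()  # price-time priority: best price, then FIFO
        self.live[order_id] = shares
        return True

    def cancel(self, order_id):
        del self.live[order_id]  # the book entry is now dead
        if self.clean_on_cancel:
            self._clean_book()

    def _clean_book(self):
        self.entries = [e for e in self.entries if self.live.get(e[2], 0) > 0]

    def match_buy(self, limit_price, wanted):
        """Fill a BUY against asks priced <= limit_price; returns (fills, unfilled)."""
        fills = []
        for price, _, oid in self.entries:
            if wanted == 0 or price > limit_price:
                break
            if self.live.get(oid, 0) == 0:
                continue  # dead entry: skipped, but still iterated over
            qty = min(self.live[oid], wanted)
            self.live[oid] -= qty
            wanted -= qty
            fills.append((oid, price, qty))
        self._clean_book()  # cleanup on the buy path (the only cleanup pre-fix)
        return fills, wanted  # an unfilled remainder would fall back to the AMM

def accepts_order_after_mass_cancel(clean_on_cancel):  # fill to cap, cancel all, retry
    book = AskBook(clean_on_cancel)
    for i in range(MAX_ORDERS_PER_BOOK):
        book.place(f"o{i}", price=60, shares=10)
    for i in range(MAX_ORDERS_PER_BOOK):
        book.cancel(f"o{i}")
    return book.place("new", price=55, shares=10)
```

With clean_on_cancel=False the book stays full of dead entries and the new order is rejected until some buy sweeps the book; with clean_on_cancel=True every cancel frees its slot at once.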
Reentrancy Surface (Consolidated)
All 7 audits confirmed no exploitable reentrancy in active trading paths.
placeOrder, sellToAMM, redeemWinnings, claimCancelRefund, claimCreatorFees, disputeMarket, settleDispute, cancelOrder, burnLosingShares | nonReentrant + CEI | ✅ Safe
resolveMarket, cancelMarket, slashMarket | nonReentrant + CEI | ✅ Fixed — nonReentrant added (L-01)
Economic Analysis Summary
Market Solvency (EventlyMarketsV3 LMSR) — SOLVENT
Mathematical proof:
poolBalance + subsidyDeposited = C(q) ≥ max(q[i]) = q_winner
1 winning share pays exactly 1 USDm — no pro-rata rounding
redeemWinnings draws from poolBalance first, then subsidyDeposited
claimCancelRefund uses pre-burn snapshot (F-02 fix)
CLOB fills do not affect LMSR solvency: BUY orders escrow USDm, SELL orders escrow shares
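A numerical check of the solvency inequality above, added here as an illustration and not taken from the audited contracts. It assumes the standard LMSR cost function C(q) = b * ln(sum_i exp(q_i / b)) with the page's b = 200 and an initial subsidy of C(0) = b * ln(n); all function names are hypothetical.

```python
import math
import random

B = 200.0  # LMSR liquidity parameter from the page (b=200)

def lmsr_cost(q, b=B):
    """Standard LMSR cost C(q) = b * ln(sum_i exp(q_i / b)), in log-sum-exp form.

    Factoring out max(q) keeps every exponent <= 0, so exp() cannot overflow
    no matter how large q/b becomes."""
    m = max(q)
    return m + b * math.log(sum(math.exp((qi - m) / b) for qi in q))

def initial_subsidy(n_outcomes, b=B):
    """C(0) = b * ln(n): the subsidy assumed to make pool + subsidy equal C(q)."""
    return b * math.log(n_outcomes)

def solvency_margin(q, b=B):
    """C(q) - max(q): funds left after paying 1 USDm per winning share in the
    worst case, where the outcome holding the most shares wins."""
    return lmsr_cost(q, b) - max(q)

def check_random_markets(trials=10_000, n_outcomes=4, seed=1):
    """Property check: the margin is never negative and never exceeds b * ln(n)."""
    rng = random.Random(seed)
    bound = initial_subsidy(n_outcomes)
    worst = float("inf")
    for _ in range(trials):
        # Constructed share vectors, sampled up to the page's q/b ~ 133 cap.
        q = [rng.uniform(0, 133 * B) for _ in range(n_outcomes)]
        margin = solvency_margin(q)
        if not (-1e-9 <= margin <= bound + 1e-9):
            raise AssertionError((q, margin))
        worst = min(worst, margin)
    return worst

if __name__ == "__main__":
    print("subsidy for 2 outcomes:", round(initial_subsidy(2), 4))
    print("margin at q=[1000, 0]:", round(solvency_margin([1000.0, 0.0]), 4))
    print("smallest margin seen:", check_random_markets())
```

The margin equals b * ln(sum_i exp((q_i - q_max) / b)), which is at least b * ln(1) = 0 because the winning outcome contributes a term of exactly 1.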
Pot Solvency (evently.sol) — SOLVENT
Direct clicks: 85% to pot, 10% treasury, 5% referral
Credit clicks: exact 85% backing from buyCredits() deposit
Contract Versions
evently.sol | 0x051B5a8B20F3e49E073Cf7A37F4fE2e5117Af3b6 | v5.4 | F-05, F-12
EventlyProfiles.sol | 0x9F0708145BCCD1F5B16F610cB8a75A63fA4A9a24 | v1.3 | F-01
EventlyMarketsV3.sol | Pending deployment | v3.2 LMSR+CLOB | F-02, A-03, F-DS-M02, R2-2, L-01, G-I01, GROK-M01, GPT-R3-3, GROK-L02, QWEN-I03
Next Steps
25 automated tool audits (Slither, Mythril, Aderyn, Echidna, Halmos, etc.)
Professional audit engagement — shortlist: Cyfrin, OtterSec, Sherlock, Spearbit
Keeper bot implementation — monitor MarketFinalized events, call burnLosingShares after 24h
Deployment of EventlyMarketsV3 (LMSR + CLOB) on MegaETH mainnet
This page documents pre-audit AI security review. It does not replace a professional security audit.

