Security Overview
Fira treats security as a structural requirement. Before any user funds were accepted, Fira smart contracts underwent six independent external audits and an extended internal security review, and a live bug bounty program was established. Every deployed contract is verified on Etherscan.
Audit Coverage
Six independent audits were conducted on Fira contracts between November 2025 and March 2026:
| Audit | Auditor | Date | Type |
| --- | --- | --- | --- |
| Fira UZR Audit Nov25 | Sherlock | November 2025 | Competitive audit |
| Fira UZR Audit Nov25 | Spearbit / Cantina | November 2025 | Focused security review |
| Fira UZR Audit Dec25 | yAudit | December 2025 | Independent assessment |
| Fira V1 Audit Feb26 | Sherlock | February 2026 | Competitive audit |
| Fira V1 Audit Feb26 | Hexens | February 2026 | Independent audit |
| Fira V1 Audit Mar26 | yAudit | March 2026 | Independent assessment |
All findings were addressed before deployment. Full reports and methodology details are on the Audits page.
In addition, the Steady Labs engineering team conducted an extended internal security review covering code quality, deployment procedures, parameter configurations, access controls, and operational security.
Bug Bounty
Fira maintains a live bug bounty program through Sherlock with rewards up to $500K for critical vulnerabilities. The program covers all deployed Fira V1 contracts on Ethereum mainnet.
For the full scope, reward tiers, and submission process, see the Bug Bounty page.
Smart Contract Architecture
Fira's system is composed of three core modules:
Lending Market — Core lending vault, collateral management, liquidations, interest accrual, and ERC-4626 curation vaults
Fixed-Rate AMM and Tokenization — BT/CT/FW token system, fixed-rate price discovery AMM, and rehypothecation module
Router — Diamond-style proxy dispatching to modular action contracts for single-transaction user flows
Access control is enforced through role-based permissions and multisig governance. For the full architecture, see Architecture Overview.
Risk Framework
Fira documents six primary risk categories:
For the full risk index, see Risk Framework. For legal disclaimers, see Risk Disclaimers.
Key Principle
Audits, reviews, and bounties reduce certain risks but do not eliminate them. Fira is experimental software. Users should understand all risk categories before interacting with the protocol.