Audits

Fira has undergone a comprehensive security review process consisting of six independent external audits and an extended internal review. These audits focused on the Fira smart contracts and associated lending/borrowing infrastructure deployed on Ethereum mainnet.

External Audits

1. Sherlock — "Fira UZR Audit Nov25"

• Auditor: Sherlock

• Audit Name: Fira UZR Audit Nov25

• Date: November 2025

• Scope: Fira UZR module smart contracts

• Status: Done

• Description: Sherlock conducted a competitive audit of the Fira UZR contracts, leveraging their community of independent security researchers to identify vulnerabilities across the codebase. The audit covered the core lending vault, oracle adapters, interest rate models, and supporting infrastructure contracts.

2. Spearbit / Cantina — "Cantina code - Fira UZR Audit Nov25"

• Auditor: Spearbit (via Cantina platform)

• Audit Name: Cantina code - Fira UZR Audit Nov25

• Date: November 2025

• Scope: Fira UZR module smart contracts

• Status: Done

• Description: Spearbit conducted a focused security review through the Cantina platform. The audit examined the Fira UZR codebase for logic errors, access control issues, economic attack vectors, and integration risks.

3. yAudit — "Fira UZR Audit Dec 25"

• Auditor: yAudit

• Audit Name: Fira UZR Audit Dec 25

• Date: December 2025

• Scope: Fira UZR module smart contracts

• Status: Done

• Description: yAudit performed an independent security assessment of the Fira UZR contracts. This audit provided a third perspective on the codebase, focusing on edge cases, mathematical precision, and potential exploit paths that may not have been covered by the earlier reviews.

4. Sherlock — "Fira V1 Audit Feb26"

• Auditor: Sherlock

• Audit Name: Fira V1 Audit Feb26

• Date: February 2026

• Scope: Fira V1 full protocol (fixed-rate markets, variable-rate lending, AMM, router, tokens, rehypothecation, oracles)

• Status: Done

• Description: Sherlock conducted a comprehensive competitive audit of the full Fira V1 protocol, covering the complete system including FiraLendingMarket, VariableLendingMarket, FiraMarket AMM, FiraRouterV4, token layer (BT/CT/FW), RehypothecationModule, oracle pipeline, and LiquidityInjector.

5. Hexens — "Fira V1 Audit Feb26"

• Auditor: Hexens

• Audit Name: Fira V1 Audit Feb26

• Date: February 2026

• Scope: Fira V1 full protocol

• Status: Done

• Description: Hexens performed an independent security audit of the Fira V1 smart contracts, providing deep analysis of the protocol's fixed-rate and variable-rate lending infrastructure, curation vaults, and associated components.

6. yAudit — "Fira V1 Audit Mar26"

• Auditor: yAudit

• Audit Name: Fira V1 Audit Mar26

• Date: March 2026

• Scope: Fira V1 full protocol

• Status: Done

• Description: yAudit performed a follow-up independent assessment of the complete Fira V1 protocol, building on their earlier UZR-focused review to cover the expanded system including variable-rate markets, curation vaults, and the full oracle pipeline.

Internal Review

Steady Labs Internal Review

• Reviewer: Steady Labs engineering team

• Duration: Approximately one month

• Scope: Full Fira codebase and deployment configuration

• Description: In addition to the six external audits, the Steady Labs team conducted an extended month-long internal security review. This review covered code quality, deployment procedures, parameter configurations, access control setups, and operational security considerations. The internal review complemented the external audits by providing deep domain-specific knowledge of the protocol's intended behavior and design assumptions.

Summary

All audit reports and findings have informed the final deployed versions of the Fira contracts on Ethereum mainnet. The combination of six independent external audits plus an extended internal review represents a thorough security review process for the protocol's smart contract infrastructure.