Prevent
Minimal immutable accounting, isolated custody, checked arithmetic and bounded governance powers.
Woodlark’s security model starts with what can go wrong: stale prices, thin liquidity, missed maturity, compromised services and human mistakes.
No individual control carries the safety case on its own.
Minimal immutable accounting, isolated custody, checked arithmetic and bounded governance powers.
Oracle deviation checks, invariant monitoring, indexer reconciliation and operational canaries.
Per-market caps, guardian pause and position-level vault isolation; no reserve is assumed by the core.
Public runbooks, deterministic deployments, RPC failover and timelocked migrations.
The security specification makes guardian and proposed governance permissions asymmetric: stopping new risk is fast; moving value or changing economics is not. Final authority must match the independently reviewed deployment.
Inspect contract rolesThe safety case combines passing unit, fuzz and invariant suites with target-chain forks that remain a mainnet launch gate.
Critical lifecycle transitions, authorization paths and accounting boundaries.
Amounts, decimals, prices, timestamps and malicious token behaviour.
Asset conservation, share solvency, collateral isolation and debt consistency.
Canonical WETH, the selected collateral, live reference feeds and DEX routes on the target chain.
RPC loss, stale prices, keeper duplication, reorg and partial infrastructure failure.
Wallet mismatch, stale quotes, rejected simulations and accessible error recovery.
The deployment broadcaster stays locked until each required artifact can be independently inspected.
Re-run against the exact release commit
Every user and keeper path
No critical/high findings open
Official contract, two oracles and executable liquidity
Hardware-wallet and timelock exercise
Enabled only after every gate passes
This interface does not display an “audited” badge until an independent report, commit hash, finding status and re-audit evidence are publicly linked.