# Security & Audits


Security at BasePerp is layered: rigorous code review, conservative operations, and on-chain safeguards that make failures rare—and contained when they happen.

### 10.1 Audit Plan & Bug Bounty

Before mainnet v1, the codebase undergoes multiple independent audits. Reviews focus on vault math, margin/liquidation logic, oracle guards, upgrade paths, and emergency controls. For any material change post-launch, a targeted re-audit is scheduled.

An always-on bug bounty invites external researchers under safe-harbor rules. Rewards scale with severity, and disclosure guidelines ensure fixes ship before public write-ups. Audit reports, issue trackers, and remediation notes are published for transparency.

### 10.2 Upgradeability & Timelocks

Upgrades are controlled and observable. Critical parameter and code updates pass through public timelocks with notice windows; where feasible, we prefer canary releases and minimal upgradeable surfaces to reduce blast radius. Emergency pausers are narrowly scoped and time-boxed, with mandatory post-mortems and diff links so the community can review actions.

A public parameter registry exposes current settings—including profitFeeRate, counterSkewCap, liquidatorBounty, deviationGuard, CHR thresholds, buffer tiers, and fee schedules—so integrators and users can verify live risk knobs on-chain.

### 10.3 Key Risks & Mitigations

Some failures are endemic to on-chain trading. We address them with explicit controls:

* **Oracle failure/latency**. Dual-feed validation with deviationGuard, heartbeat checks, and automatic halts on stale/out-of-band prices.
* **Jump risk & cascades**. Partial liquidations, short volatility halts, and buffer-tier withdrawals to slow feedback loops and preserve solvency.
* **Smart-contract bugs**. Multi-audits, formal/edge-case checks on critical math, heavy fuzzing, invariant tests, and bounty incentives.
* **Keeper centralization**. A permissionless keeper set with transparent rewards to promote diversity and reduce single-operator dependence.
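
The oracle bullet above combines three checks: a heartbeat limit, a dual-feed comparison against deviationGuard, and a halt when either fails. The following Python model is an added illustration, not BasePerp's contract code; the basis-point unit for deviationGuard, the 8-decimal fixed-point prices, the choice of the primary feed as the accepted price, and all names and sample values are assumptions.

```python
from dataclasses import dataclass

BPS = 10_000  # basis-point denominator (assumed unit for deviationGuard)

@dataclass(frozen=True)
class FeedReading:
    price: int       # fixed-point integer price (assumed 8 decimals)
    updated_at: int  # unix seconds of the feed's last update

@dataclass(frozen=True)
class GuardConfig:
    deviation_guard_bps: int  # max tolerated gap between the two feeds
    heartbeat_s: int          # max tolerated age of any reading

def check_price(primary, secondary, now, cfg):
    """Return (ok, price, reason). ok=False means trading should halt."""
    for name, r in (("primary", primary), ("secondary", secondary)):
        if r.price <= 0:
            return (False, None, f"{name}:non_positive")
        if r.updated_at > now:
            # A timestamp ahead of the clock cannot be trusted as "fresh".
            return (False, None, f"{name}:future_timestamp")
        if now - r.updated_at > cfg.heartbeat_s:
            return (False, None, f"{name}:stale")
    # Measure the gap against the lower price, which gives the larger
    # (more conservative) ratio. Cross-multiplying keeps the comparison in
    # integers, so no precision is lost to division.
    lo, hi = sorted((primary.price, secondary.price))
    if (hi - lo) * BPS > cfg.deviation_guard_bps * lo:
        return (False, None, "deviation")
    # Both feeds are fresh and agree within the guard.
    return (True, primary.price, "ok")

if __name__ == "__main__":
    # Constructed sample readings, not real market data.
    cfg = GuardConfig(deviation_guard_bps=50, heartbeat_s=60)
    primary = FeedReading(2000 * 10**8, 1000)
    for label, secondary in [
        ("in band", FeedReading(2005 * 10**8, 990)),
        ("out of band", FeedReading(2011 * 10**8, 990)),
        ("stale", FeedReading(2005 * 10**8, 900)),
    ]:
        print(label, check_price(primary, secondary, 1010, cfg))
```

Every failure path returns no price at all, so a caller cannot fall back to a single unverified feed by accident.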

