# Security

## Audits

Hedge is audited by [Kudelski](https://kudelskisecurity.com/), [Sec3 (formerly Soteria)](https://www.sec3.dev/) and [OtterSec](https://osec.io/).

The Kudelski report can be found [here](https://drive.google.com/file/d/1eZaHWyT2zlMq6RohEYtB7SUtYMQoSDb9/view?usp=sharing).

The OtterSec report can be found [here](https://drive.google.com/file/d/1Ky5bRxVT9ouHboF9HYC_H7ZL6ndHX0hL/view?usp=sharing).

The Sec3 (formerly Soteria) report can be found [here](https://drive.google.com/file/d/15nP55IyWuVN5DAlQZlpYVC2hNWJ42nAX/view?usp=sharing).

## Contract address

The mainnet contract has been deployed with the following address:\
[HedgeEohwU6RqokrvPU4Hb6XKPub8NuKbnPmY7FoMMtN](https://explorer.solana.com/address/HedgeEohwU6RqokrvPU4Hb6XKPub8NuKbnPmY7FoMMtN?cluster=mainnet-beta)

Please ensure you are only interacting with the address above.

## Oracles

Vault systems that rely on a single exchange's price feed may be subject to [flash loan attacks](https://twitter.com/emilianobonassi/status/1339719073333194754?s=20). To avoid this, Hedge uses [Pyth’s SOL](https://pyth.network/markets/#Crypto.SOL/USD) feed as its primary source and falls back on [Switchboard’s feed](https://switchboard.xyz/explorer/0/AdtRGGhmqvom3Jemp5YNrxd9q9unX36BZk1pujkkXijL). [Chainlink](https://chain.link/) will also be used once it is deployed to Solana mainnet.

We've released upgrades to our Oracle Module which strengthen the reliability of collateral price quotes.

Our Oracle Module checks for 3 major attributes: **Confidence Intervals**, **Price Staleness** and **Median Price Value**.

**Confidence intervals** allow us to check when an Oracle Provider's publishers are reporting a precise price. If an Oracle Provider's publishers are compromised and intend to provide an incorrect value, the resulting confidence interval, which is based on the standard deviation of the Oracle Publishers, will be refused by our Oracle Module.

**Price Staleness** allows us to make sure a price quote is still "fresh". If the price quoted was reported more than a minute ago, the Oracle Module will refuse the Oracle Provider's quote.

**Median Price Value** allows us to select an appropriate price quote when all three Oracle Providers quote a value. This ensures we utilize the most accurate price value and are resistant to faulty oracle price quotes.
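
The three checks described above can be sketched as follows; this is an added example, not Hedge's on-chain code. The names `Quote`, `is_usable` and `select_price`, the 1% confidence threshold, and the rule used when fewer than three quotes are usable (take the highest-priority usable one) are assumptions.

```rust
// Added illustration; not Hedge's program code. Names and the confidence
// threshold are assumptions. Prices are integers in micro-USD.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Quote {
    pub price: u64,        // reported price
    pub conf: u64,         // confidence interval (+/-), same unit as price
    pub publish_time: i64, // unix seconds when the quote was reported
}

pub const MAX_AGE_SECS: i64 = 60; // page: reported more than a minute ago -> refused
pub const MAX_CONF_BPS: u64 = 100; // assumed: conf must be <= 1% of price

#[derive(Debug, PartialEq)]
pub enum OracleError { NoUsableQuote }

/// A quote is accepted only if it is fresh and its confidence interval is tight.
pub fn is_usable(q: &Quote, now: i64) -> bool {
    let age = now.saturating_sub(q.publish_time);
    let fresh = age >= 0 && age <= MAX_AGE_SECS; // future timestamps are refused too
    // conf / price <= MAX_CONF_BPS / 10_000, computed in u128 to avoid overflow
    let tight = q.price > 0
        && (q.conf as u128) * 10_000 <= (q.price as u128) * (MAX_CONF_BPS as u128);
    fresh && tight
}

/// `quotes` is in priority order (primary first); `None` = provider gave no quote.
/// All three usable -> median; otherwise the highest-priority usable quote (assumed).
pub fn select_price(quotes: &[Option<Quote>; 3], now: i64) -> Result<u64, OracleError> {
    let mut ok: Vec<u64> = quotes
        .iter()
        .flatten()
        .filter(|q| is_usable(q, now))
        .map(|q| q.price)
        .collect();
    match ok.len() {
        0 => Err(OracleError::NoUsableQuote),
        3 => { ok.sort_unstable(); Ok(ok[1]) } // median of three
        _ => Ok(ok[0]), // collect() preserved priority order
    }
}

fn main() {
    let now: i64 = 1_700_000_000; // constructed sample data
    let q = |price: u64, conf: u64, age: i64| Some(Quote { price, conf, publish_time: now - age });
    // One provider reports an outlier price; the median ignores it.
    let quotes = [q(20_000_000, 10_000, 5), q(90_000_000, 10_000, 5), q(20_100_000, 10_000, 5)];
    println!("{:?}", select_price(&quotes, now));
}
```
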
