# Security

## Audits

Hedge is audited by [Kudelski](https://kudelskisecurity.com/), [Sec3 (formerly Soteria)](https://www.sec3.dev/) and [OtterSec](https://osec.io/).

The Kudelski report can be found [here](https://drive.google.com/file/d/1eZaHWyT2zlMq6RohEYtB7SUtYMQoSDb9/view?usp=sharing).&#x20;

The OtterSec report can be found [here](https://drive.google.com/file/d/1Ky5bRxVT9ouHboF9HYC_H7ZL6ndHX0hL/view?usp=sharing).&#x20;

The Sec3 (formely Soteria) report can be found [here](https://drive.google.com/file/d/15nP55IyWuVN5DAlQZlpYVC2hNWJ42nAX/view?usp=sharing).

## Contract address

The mainnet contract has been deployed with the following address:\
[HedgeEohwU6RqokrvPU4Hb6XKPub8NuKbnPmY7FoMMtN](https://explorer.solana.com/address/HedgeEohwU6RqokrvPU4Hb6XKPub8NuKbnPmY7FoMMtN?cluster=mainnet-beta)

Please ensure you are only interacting with the following address.

## Oracles&#x20;

Vault systems that rely on a single exchange's price feed may be subject to [flash loan attacks](https://twitter.com/emilianobonassi/status/1339719073333194754?s=20). To avoid this, Hedge uses​ [Pyth’s SOL](https://pyth.network/markets/#Crypto.SOL/USD) feed as its primary source and falls back on [Switchboard’s feed](https://switchboard.xyz/explorer/0/AdtRGGhmqvom3Jemp5YNrxd9q9unX36BZk1pujkkXijL). [Chainlink](https://chain.link/) will also be used once it is deployed to Solana mainnet.

We've released upgrades to our Oracle Module which strengthen the reliability of collateral price quotes.&#x20;

Our Oracle Module checks for 3 major attributes: **Confidence Intervals**, **Price Staleness** and **Median Price Value**.&#x20;

**Confidence intervals** allow us to check when an Oracle Provider's publishers are reporting a precise price. If an Oracle Providers publishers are compromised, intending to provide an incorrect value -- A confidence interval based on the standard deviation of Oracle Publishers will be refused by our Oracle Module.&#x20;

**Price Staleness** allows us to make sure a price quote is still "fresh". If the price quoted was reported more than a minute ago, the Oracle Module will refuse the Oracle Providers Quote.&#x20;

**Median Price Value** allows us to select an appropriate price quote when all three Oracle Providers quote a value. This ensures we utilize the most accurate price value and are resistant to faulty oracle price quotes.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hedge.so/protocol-overview/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.