Audit reports
Independent third-party security audits of the on-chain programs and custodial-adjacent surfaces BitView depends on. New audits land here as they complete; existing audits stay published indefinitely with their original findings.
On-chain — merkle distributor
The merkle distributor program is an unmodified fork of the Jito/Jupiter merkle distributor. Both audits below cover the upstream program; we run the same code with no behavioral changes.
| Audit | Date | Auditor | Scope | Findings | Report |
|---|---|---|---|---|---|
| Jito Merkle Distributor (v2) | 2024 | Neodyme | Full program review of merkle distributor + tree builder | All findings remediated upstream before BitView fork | neodyme_report_v2.pdf |
| Jito Merkle Distributor | 2023 | OtterSec | Full program review of merkle distributor | All findings remediated upstream before BitView fork | ottersec_audit.pdf |
Why we trust these audits for BitView's purposes
- We did not modify the program. The exact bytecode (modulo build determinism) corresponds to audited source.
- Program ID `4ffj6hEnx6cqp4ToMALExqk6QwPNSbZyr8ro9yW1Qvok` is derived from our deployment, but the program logic matches the audited code.
- All instructions used by BitView (`new_distributor`, `new_claim`, `claim_locked`, `clawback`, `set_clawback_receiver`, `set_admin`, `set_enable_slot`) are within the audited surface.
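The "bytecode corresponds to audited source" claim above is something a reader can check independently. The following is an added example, not BitView's own tooling: it compares a dump of the deployed program against a locally built artifact. It assumes the deployed bytes were obtained with `solana program dump <PROGRAM_ID> deployed.so` and the local build with `cargo build-sbf` from the audited commit (the output path `target/deploy/merkle_distributor.so` is an assumption). Because a program dump contains the whole ProgramData account, which is zero-padded up to its allocated size, the trailing zeros are stripped before hashing; the same trimming must be applied to both sides so a legitimate trailing zero in the ELF does not cause a false mismatch.

```python
import hashlib
from pathlib import Path


def program_hash(program_bytes: bytes) -> str:
    """sha256 of the program ELF with trailing zero padding removed.

    A `solana program dump` returns the full ProgramData account, padded with
    zeros to the allocated size, so the padding is stripped before hashing.
    Both the dump and the local build go through this function, so the rule
    is applied symmetrically. (Assumption: this mirrors the trailing-zero
    trimming used by common verifiable-build tooling.)
    """
    return hashlib.sha256(program_bytes.rstrip(b"\x00")).hexdigest()


def matches_audited_build(deployed: bytes, local_build: bytes) -> bool:
    """True when the on-chain bytes and the local build hash identically."""
    return program_hash(deployed) == program_hash(local_build)


def compare_files(deployed_path: str, local_path: str) -> dict:
    """Hash two .so files from disk and report whether they match."""
    deployed = Path(deployed_path).read_bytes()
    local = Path(local_path).read_bytes()
    return {
        "deployed_hash": program_hash(deployed),
        "local_hash": program_hash(local),
        "match": matches_audited_build(deployed, local),
    }


# Constructed sample data (not a real program): a minimal ELF-looking blob
# standing in for the locally built .so, and a "dump" that is the same blob
# followed by the zero padding a ProgramData account carries.
SAMPLE_LOCAL_BUILD = b"\x7fELF" + bytes(range(1, 64)) + b"\x00"
SAMPLE_DEPLOYED = SAMPLE_LOCAL_BUILD + b"\x00" * 512
SAMPLE_TAMPERED = SAMPLE_LOCAL_BUILD + b"\x01"  # one extra byte: must not match


if __name__ == "__main__":
    print("padded dump matches build:", matches_audited_build(SAMPLE_DEPLOYED, SAMPLE_LOCAL_BUILD))
    print("tampered dump matches build:", matches_audited_build(SAMPLE_TAMPERED, SAMPLE_LOCAL_BUILD))
    # Real usage (assumed paths):
    # print(compare_files("deployed.so", "target/deploy/merkle_distributor.so"))
```

A match tells you the deployed bytes equal what the audited commit builds to on your machine; it does not by itself prove the build is deterministic across toolchains, which is why the page qualifies the claim with "modulo build determinism". Pin the toolchain version used for the audit before drawing conclusions from a mismatch.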
What's NOT covered by these audits
- BitView's off-chain backend (`bitview-bot`) — not yet third-party-audited beyond the existing bug bounty surface.
- BitView-deployed contracts when they ship: BTV mint, vesting contract, governance contract, sponsorship escrow, swap router fee-skim instruction. Each will be independently audited by two reputable Solana audit firms before mainnet deployment.
- The Metaplex Core / Bubblegum programs themselves — we rely on the Metaplex team's audits + the bug bounty Metaplex runs.
Planned audits
| Component | Trigger | Target firms | Status |
|---|---|---|---|
| BTV mint + vesting contract | Pre-Phase 2 launch (BTV genesis) | Sec3, Neodyme, or equivalent | Engagement scheduled |
| Sponsorship escrow contract | Pre-Phase 4 launch | Independent firm; not the same as BTV audit | Engagement queued |
| Swap router fee-skim instruction | Pre-Phase 2 launch (with BTV) | Independent firm | Engagement queued |
| Governance contract | Pre-Phase 5 launch | Independent firm; high-priority because it controls protocol parameters | Engagement queued |
| Backend `bitview-bot` end-to-end | Post-Phase 2, when revenue flows justify | Cure53, Trail of Bits, or equivalent | Engagement TBD |
Audits are scheduled as paid engagements with reputable firms — we do not exclusively rely on the bug bounty for new contract deployments. Each new audit publishes here within 30 days of report finalization.
Audit reports schema
Each audit entry on this page links to the published PDF with the following metadata:
- Auditor (firm + lead auditor where named)
- Audit dates (start and finalize)
- Scope (which files / contracts / surfaces)
- Total findings by severity (Critical / High / Medium / Low / Informational)
- Remediation status per finding
- Re-audit status (if a follow-up audit verified fixes)
- Report PDF (and source-of-truth checksum)
Bug bounty findings (cumulative)
Findings reported via the bug bounty program are disclosed here in aggregate after responsible disclosure windows close. Format:
| Quarter | Reports received | In-scope | Confirmed | Total payouts | Hall-of-fame credits |
|---|---|---|---|---|---|
(First entry publishes after the program goes live and the first quarter completes.)
Hall of fame
Researchers credited for security contributions to BitView, in order of first credit:
First entries publish once the bug bounty has its first finalized findings.
Credit is given with consent. Anonymous credits are listed as "Anonymous researcher" with the date and severity but no identifying information.
Audit cadence policy
- Every new on-chain contract is independently audited by at least two reputable firms before mainnet deployment.
- Material changes to existing contracts trigger a re-audit by at least one of the original auditors.
- The bug bounty program runs continuously between scheduled audits.
- An annual external review of off-chain infrastructure (`bitview-bot`, CI/CD pipeline, secrets management, key custody) is conducted by a rotating roster of firms to avoid auditor familiarity bias.
Related
- Responsible disclosure — how to report new findings
- Bug bounty — payouts and scope
- Risk and compliance §smart contract risk
- On-chain program — what the audited program does