Audits and Security

Overview

Hourglass employs a layered security process across the software lifecycle: ImmuneFi PR Reviews during development, Olympix automated analysis pre-release, and an independent Zellic audit prior to launch.

ImmuneFi PR Reviews

What ImmuneFi does

ImmuneFi PR Reviews brings external security reviewers into GitHub pull requests so code changes are evaluated while they are being made.

Hourglass used ImmuneFi PR Reviews for:

  • Reviewing high-impact pull requests that modify deposit, withdrawal, and bridge flows.

  • Catching missing or weakened access checks introduced during refactors.

Olympix (AI-assisted analysis)

What Olympix does

Olympix provides AI-assisted security analysis, including generated tests, fuzz testing on critical paths, and static analysis for authorization and reentrancy issues.

Hourglass used Olympix for:

  • Generating additional tests to cover edge cases before a tagged release.

  • Mutation testing deposits, phase transitions, redemptions, and bridge interactions.

  • Running static analysis and saving outputs (test diffs, fuzz seeds, issue summaries) alongside CI for reproducibility.

Zellic (independent audit)

What Zellic does

Zellic performs independent smart-contract audits with manual review and re-testing after fixes. Zellic also performed the primary audit for Stable’s blockchain, providing useful context during the security review.

Hourglass engaged Zellic for:

  • Auditing the pre-iUSDT vault and withdrawal/bridge interfaces.

  • Re-testing after remediation and producing a final report with the audited commit hashes.

  • Final report below:
