# Audits and Security

### Overview

Hourglass employs a layered security process across the software lifecycle: ImmuneFi PR Reviews during development, Olympix automated analysis pre-release, and an independent Zellic audit prior to launch.

#### ImmuneFi PR Reviews

**What ImmuneFi does**\
ImmuneFi PR Reviews brings external security reviewers into GitHub pull requests so code changes are evaluated while they are being made.

**Hourglass used ImmuneFi PR Reviews for:**

* Reviewing high-impact pull requests that modify deposit, withdrawal, and bridge flows.
* Catching missing or weakened access checks introduced during refactors.

#### Olympix (AI-assisted analysis)

**What Olympix does**\
Olympix provides AI-assisted security analysis, including generated tests, fuzz testing on critical paths, and static analysis for authorization and reentrancy issues.

**Hourglass used Olympix for:**

* Generating additional tests to cover edge cases before a tagged release.
* Mutation testing deposits, phase transitions, redemptions, and bridge interactions.
* Running static analysis and saving outputs (test diffs, fuzz seeds, issue summaries) alongside CI for reproducibility.

#### Zellic (independent audit)

**What Zellic does**\
Zellic performs independent smart-contract audits with manual review and re-testing after fixes. Zellic also performed the primary audit for Stable’s blockchain, providing useful context during the security review.

**Hourglass engaged Zellic for:**

* Auditing the pre-iUSDT vault and withdrawal/bridge interfaces.
* Re-testing after remediation and producing a final report with the audited commit hashes.
* Final report below:

{% file src="<https://1193256607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSLBuiet6WkdhFLhPYJvR%2Fuploads%2FlmeFNodYBA3Xf9TXBNCs%2FStable%20Predeposit%20-%20Zellic%20Audit%20Report.pdf?alt=media&token=60d58348-f6ad-4cb7-af59-c500dfcdd62d>" %}

#### Contract Addresses

* <https://etherscan.io/address/0xd9b2cb2fbad204fc548787ef56b918c845fcce40>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hourglass.com/stable-early-access-program/audits-and-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.