Partnership Overview
Client: Nodo
Platform: Sui
Service: Smart Contract Security Audit
Scope: Vault & AI Integration Contracts
About Nodo
Nodo is building AI-powered vault infrastructure on Sui that enables automated liquidity management through intelligent agents. Their platform features a sophisticated vault system integrated with the Momentum executor/composer framework, allowing AI agents to manage deposits, withdrawals, redemption queues, and liquidity positions across decentralized exchanges. The system includes share-based accounting, performance fee mechanisms, and adapter interfaces for external liquidity protocols.
Security Requirements
As Nodo prepared to launch their AI-managed vault infrastructure on Sui, ensuring the security of user funds and the integrity of automated operations was critical. The team engaged FailSafe to conduct a comprehensive security audit covering the vault core, integration touchpoints, and adapter contracts.
The audit scope encompassed critical security considerations including custody integrity, redemption soundness, NAV/share accounting correctness, fee and high-water-mark accuracy, market interaction safety against front-running, oracle integration robustness, and operator/admin access controls.
Audit Methodology
FailSafe's security team conducted a multi-layered audit combining extensive manual code review with adversarial design analysis and targeted scenario testing:
Custody & Redemption Analysis
Deep analysis of the vault's custody model to ensure assets cannot be redirected, double-spent, or redeemed under the wrong asset type or amount across all entrypoints and redemption flows.
Share Accounting Verification
Validation of share mint/burn mathematics tracking total assets, pending P&L, fees, and liabilities to ensure price-per-share coherence under concurrent deposits and exits.
Front-Running Protection Assessment
Rigorous review of adapter contracts and market interactions to ensure swaps and liquidity additions cannot be profitably front-run or sandwiched through price manipulation.
Integration Boundary Testing
Tracing of executor/composer parameters as they flow into the vault to identify where external inputs influence vault safety, including signature binding and propagation of limits (such as slippage bounds) through to the adapters.
Confidential Partnership
In accordance with Nodo's security and business requirements, the detailed findings and specific vulnerabilities identified during this audit remain confidential. The findings spanned multiple severity levels and related to vault operations, share accounting, and system interactions.
The development team resolved the majority of findings, with FailSafe verifying the fixes through targeted testing. The remaining items were formally acknowledged and documented, and FailSafe provided architectural recommendations for addressing them.
Partnership Impact
Through close collaboration with Nodo's development team, FailSafe provided comprehensive security guidance that strengthened the protocol's security posture. The engagement covered:
- Token validation architecture to prevent unauthorized asset redemption and cross-type substitution attacks
- Unique request identification system to prevent redundant matching and duplicate redemption issues
- Rate recalculation mechanisms for fair share minting based on current vault value and profit attribution
- Slippage protection implementation for adapter contracts to mitigate front-running and sandwich attack risks
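The share accounting and rate recalculation points above (and the share accounting verification step in the methodology) come down to one rule: shares must be minted against the vault's live value, never against a cached rate. The following is an added illustration, not Nodo's code, written in Python rather than Move so the arithmetic can be run directly; `Vault`, `recalc_rate`, `RATE_SCALE` and the 10% profit scenario are hypothetical.

```python
# Added example (not Nodo's code): integer share accounting for a vault,
# written in Python to illustrate the accounting rule rather than in Move.
# Names (Vault, recalc_rate, RATE_SCALE) are hypothetical.

RATE_SCALE = 10**9  # fixed-point scale for the cached assets-per-share snapshot


class Vault:
    """Share-based vault: each holder's claim is balance / total_shares of total_assets."""

    def __init__(self):
        self.total_assets = 0          # assets the vault controls, in base units
        self.total_shares = 0          # shares outstanding
        self.balances = {}             # holder -> shares
        self.cached_rate = RATE_SCALE  # assets per share, as of the last recalc_rate()

    def shares_for_deposit(self, amount):
        """Shares to mint at the current NAV, rounded down so rounding favours existing holders."""
        if self.total_shares == 0 or self.total_assets == 0:
            return amount  # bootstrap at 1 share per asset unit
        return amount * self.total_shares // self.total_assets

    def deposit(self, holder, amount, use_stale_rate=False):
        """Mint shares for `amount`. use_stale_rate=True models the bug: pricing off a cached rate."""
        if use_stale_rate:
            shares = amount * RATE_SCALE // self.cached_rate
        else:
            shares = self.shares_for_deposit(amount)
        if shares == 0:
            raise ValueError("deposit too small to mint a share")
        self.total_assets += amount
        self.total_shares += shares
        self.balances[holder] = self.balances.get(holder, 0) + shares
        return shares

    def accrue_pnl(self, pnl):
        """Strategy profit or loss settles into total_assets; the cached rate is untouched."""
        self.total_assets += pnl

    def recalc_rate(self):
        """Refresh the cached rate from live state (the deposit path must do this, or not cache at all)."""
        self.cached_rate = self.total_assets * RATE_SCALE // self.total_shares

    def redeem(self, holder, shares):
        """Burn shares and pay out the pro-rata assets, rounded down."""
        if shares > self.balances.get(holder, 0):
            raise ValueError("insufficient shares")
        assets = shares * self.total_assets // self.total_shares
        self.balances[holder] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return assets

    def value_of(self, holder):
        """Assets the holder could claim now, rounded down."""
        return self.balances.get(holder, 0) * self.total_assets // self.total_shares


def profit_capture_scenario(stale):
    """Alice deposits, the vault earns 10%, then Bob deposits the same amount.

    Returns (alice_value, bob_value). With a fresh rate Bob buys in at the
    higher NAV and Alice keeps her profit; with a stale 1:1 rate Bob is
    minted too many shares and takes half of Alice's gain.
    """
    v = Vault()
    v.deposit("alice", 1_000)
    v.recalc_rate()        # snapshot taken while NAV is 1.0 per share
    v.accrue_pnl(100)      # vault now holds 1_100 assets against 1_000 shares
    v.deposit("bob", 1_000, use_stale_rate=stale)
    assert sum(v.balances.values()) == v.total_shares  # share conservation invariant
    return v.value_of("alice"), v.value_of("bob")


if __name__ == "__main__":
    print("fresh rate:", profit_capture_scenario(False))  # (1100, 999)
    print("stale rate:", profit_capture_scenario(True))   # (1050, 1050)
```

Two details carry over to on-chain code: every division rounds down in the direction that favours the vault (mint fewer shares, pay out fewer assets), and pending P&L, accrued fees and liabilities must be folded into `total_assets` before the ratio is taken, otherwise the stale-rate outcome reappears even without an explicit cache.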
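The slippage protection point above, and the front-running assessment in the methodology, are about an adapter refusing to complete a swap whose output has drifted from the quote the vault built the transaction against. The following is an added illustration, not Nodo's code or any real DEX: a constant-product pool and a front-run / back-run sequence in Python, with the adapter's check modelled as a `min_out` bound. `Pool`, `SlippageExceeded`, `sandwich`, the reserves and the 0.30% fee are all constructed for the example.

```python
# Added example (not Nodo's code): a constant-product pool and a sandwich attack,
# showing why an adapter must enforce a min_out bound on every market interaction.
# Python for illustration; Pool, SlippageExceeded and sandwich() are hypothetical.

FEE_BPS = 30  # 0.30% swap fee, a common AMM default (assumed for the example)


class SlippageExceeded(Exception):
    """Raised when a swap would return less than the caller's bound; the tx reverts."""


def cp_out(reserve_in, reserve_out, amount_in, fee_bps=FEE_BPS):
    """Output of a constant-product swap after fee, integer-rounded down."""
    amount_in_with_fee = amount_in * (10_000 - fee_bps)
    return amount_in_with_fee * reserve_out // (reserve_in * 10_000 + amount_in_with_fee)


class Pool:
    def __init__(self, x, y):
        self.x, self.y = x, y  # reserves of token X and token Y

    def swap_x_for_y(self, amount_in, min_out):
        out = cp_out(self.x, self.y, amount_in)
        if out < min_out:
            raise SlippageExceeded(f"got {out}, required at least {min_out}")
        self.x += amount_in
        self.y -= out
        return out

    def swap_y_for_x(self, amount_in, min_out):
        out = cp_out(self.y, self.x, amount_in)
        if out < min_out:
            raise SlippageExceeded(f"got {out}, required at least {min_out}")
        self.y += amount_in
        self.x -= out
        return out


def min_out_from_quote(quoted, tolerance_bps):
    """Lower bound the vault passes to the adapter: the quote less an explicit tolerance."""
    return quoted * (10_000 - tolerance_bps) // 10_000


def sandwich(victim_in, attacker_in, tolerance_bps=None):
    """Run a front-run / victim swap / back-run sequence against a fresh pool.

    tolerance_bps=None models an adapter with no slippage bound (min_out = 0).
    Returns (quoted_out, victim_out or None if the victim tx reverted, attacker_profit).
    """
    pool = Pool(1_000_000, 1_000_000)            # constructed sample reserves
    quoted = cp_out(pool.x, pool.y, victim_in)   # quote the vault saw when building the tx
    min_out = 0 if tolerance_bps is None else min_out_from_quote(quoted, tolerance_bps)

    attacker_got = pool.swap_x_for_y(attacker_in, 0)   # front-run pushes the X->Y price up
    try:
        victim_out = pool.swap_x_for_y(victim_in, min_out)
    except SlippageExceeded:
        victim_out = None                              # bound held: the vault's tx reverts
    attacker_back = pool.swap_y_for_x(attacker_got, 0)  # back-run unwinds at the worse price
    return quoted, victim_out, attacker_back - attacker_in


if __name__ == "__main__":
    print("no bound:  ", sandwich(10_000, 50_000))        # victim filled below quote, attacker profits
    print("1% bound:  ", sandwich(10_000, 50_000, 100))   # victim reverts, attacker pays fees for nothing
    print("no attack: ", sandwich(10_000, 0, 100))        # honest case still fills at the quote
```

The bound has to be supplied by the caller that holds the quote (the vault or executor) and propagated unchanged through the adapter into the pool call; an adapter that hardcodes `min_out = 0`, or recomputes it from the pool's current reserves inside the same transaction, provides no protection because the attacker has already moved those reserves.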
Interested in Learning More?
If you're building AI-integrated DeFi systems, automated vault infrastructure, or agentic trading platforms and need comprehensive smart contract security services, our team can share more about our approach and how we've helped projects like Nodo secure their platforms.