# PCP / L4 contracts — audit readiness checklist

Status: **PRE-AUDIT SCAFFOLD**. No contract has been deployed to mainnet. No audit is complete.

Last updated: 2026-04-17.

---

## Firms we're planning to approach

| Firm            | Specialty                                 | Typical range (per contract)   | Lead time   |
| --------------- | ----------------------------------------- | ------------------------------ | ----------- |
| OpenZeppelin    | EVM, DeFi, upgradable patterns            | $60k–$120k                     | 6–10 weeks  |
| Trail of Bits   | Adversarial review, cryptography, MPC     | $80k–$200k                     | 8–12 weeks  |
| ChainSecurity   | Formal verification + manual, DeFi-heavy  | $70k–$140k                     | 6–8 weeks   |
| Certora         | Automated formal verification (spec-based)| $50k–$100k                     | 4–6 weeks   |
| Spearbit        | Lead-auditor marketplace, distributed     | $40k–$120k                     | 4–6 weeks   |
| Code4rena       | Competitive audit contest                 | $50k–$300k prize pool          | 2 weeks live + 3 weeks judging |
| Immunefi        | Ongoing bug bounty (not a one-time audit) | $50k–$500k pool                | Always-on   |

**Planned sequence:** Slither + Mythril + Echidna in CI (free, continuous) → Certora formal verification → Trail of Bits manual audit → Immunefi bounty live before mainnet.

---

## Pre-audit CI tools (zero marginal cost)

- `slither .` — static analysis (install: `pip install slither-analyzer`)
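- `myth analyze contracts/*.sol` — symbolic execution with Mythril (install: `pip install mythril`; the CLI binary is `myth`)
- `echidna contracts/<Contract>.sol` — property-based fuzzing (releases before Echidna 2.1.0 name the binary `echidna-test`)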
- `forge coverage` — test coverage per contract
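- `forge fmt --check && solhint 'contracts/**/*.sol'` — style + lint (`--check` fails the job on unformatted code instead of rewriting it; the quoted glob is expanded by solhint rather than the shell)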

All of the above should be green in CI before requesting any paid audit.

---

## Per-contract readiness

### PCP.sol (ERC-20 utility token)

- [ ] Unit tests: mint, burn, transfer, permit, pause, `Ownable2Step`
- [ ] Invariant: total supply ≤ 1,000,000,000 * 1e18 at all times
- [ ] Invariant: sum of balances = total supply
- [ ] Fuzz: permit replay prevention
- [ ] Slither clean
- [ ] Echidna properties: no mint after renounce; only the owner can unpause
- [ ] Target auditors: OpenZeppelin or Trail of Bits (simple token, routine)
- [ ] Estimated cost: $40k–$70k
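
The supply cap and the two Echidna properties in this checklist can be written as a harness like the one below. This is an added example, not the project's code: `TokenStandIn` is a constructed stand-in for PCP.sol (which this page does not show), and `PCPProperties` and its ghost variables are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for PCP.sol (assumption: the real token is not shown on this page).
contract TokenStandIn {
    uint256 public constant CAP = 1_000_000_000 * 1e18; // cap taken from the checklist
    address public owner = msg.sender;
    bool public paused;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function mint(address to, uint256 amount) external onlyOwner {
        require(totalSupply + amount <= CAP, "cap exceeded");
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function pause() external onlyOwner { paused = true; }
    function unpause() public virtual onlyOwner { paused = false; }
    function renounceOwnership() public virtual onlyOwner { owner = address(0); }
}

// Echidna harness: the overrides record ghost state, the echidna_* functions are the properties.
contract PCPProperties is TokenStandIn {
    bool private renounced;
    uint256 private supplyAtRenounce;
    bool private nonOwnerUnpaused;

    function renounceOwnership() public override {
        super.renounceOwnership();
        renounced = true;
        supplyAtRenounce = totalSupply; // snapshot to compare against later
    }

    function unpause() public override {
        address ownerBefore = owner;
        super.unpause(); // reverts for non-owners, so the next line runs only if access control let the caller through
        if (msg.sender != ownerBefore) nonOwnerUnpaused = true;
    }

    // Supply never exceeds the cap.
    function echidna_supply_within_cap() public view returns (bool) { return totalSupply <= CAP; }
    // After renounce the supply may fall (burn) but never rise.
    function echidna_no_mint_after_renounce() public view returns (bool) { return !renounced || totalSupply <= supplyAtRenounce; }
    // No successful unpause() call ever came from a non-owner.
    function echidna_only_owner_unpauses() public view returns (bool) { return !nonOwnerUnpaused; }
}
```

Run it with `echidna <file>.sol --contract PCPProperties`; to test the real token, have the harness inherit from PCP instead of the stand-in.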

### PCPStaking.sol (5-tier lock, revenue share)

- [ ] Unit tests: every tier × every action matrix
- [ ] Invariant: sum(userWeight) = totalWeight
- [ ] Invariant: rewards conservation (no rewards created or destroyed)
- [ ] Invariant: emergency exit burns exactly 10% of principal
- [ ] Fuzz: stake/unstake/claim with random time offsets
- [ ] Echidna: no user can withdraw more than deposited + accrued rewards
- [ ] **Formal verification (Certora) strongly recommended** — reward math is the biggest footgun
- [ ] Target: Certora (FV) + Trail of Bits (manual)
- [ ] Estimated cost: $80k–$160k combined

### BridgeVerifier.sol (EIP-712 signature verifier)

- [ ] Unit tests: valid sig verifies, invalid sig rejects, wrong domain rejects
- [ ] Invariant: signer must be in allow-list
- [ ] Replay protection test: same requestId never verifies twice
- [ ] Fuzz: random bytes never verify
- [ ] Target: ChainSecurity (crypto primitives) or Spearbit
- [ ] Estimated cost: $50k–$90k

### BridgeCallRouter.sol (cross-chain call dispatcher)

- [ ] Reentrancy tests per path
- [ ] Authority tests: only verifier can route
- [ ] Gas-bomb and griefing tests
- [ ] Target: Trail of Bits (adversarial review is their sweet spot)
- [ ] Estimated cost: $60k–$120k

### NodeStaking.sol

- [ ] Slashing math invariants (cannot slash below zero)
- [ ] Unbond period tests (14 days)
- [ ] Delegator/operator split math (20/80)
- [ ] Target: OpenZeppelin or Spearbit
- [ ] Estimated cost: $50k–$100k

### NodeRegistry.sol

- [ ] Registration / deregistration tests
- [ ] Heartbeat windowing tests
- [ ] Proof submission + merkle verification tests
- [ ] Target: Spearbit or Code4rena contest
- [ ] Estimated cost: $30k–$80k

---

## Budget summary

| Path                                                | Low-end | High-end |
| --------------------------------------------------- | ------- | -------- |
| Minimum viable (Slither + Certora + 1 manual)       | $130k   | $230k    |
| Recommended (Certora + ToB + Spearbit + C4 contest) | $300k   | $650k    |
| Gold-plated (all firms + ongoing Immunefi $500k)    | $800k   | $1.4M    |

Immunefi bug bounty: **live before mainnet, non-negotiable**. Start with a $50k testnet pool and scale to $500k within 90 days of clean mainnet operation.

---

## Audit-in-progress status

- PCP.sol: **not started**
- PCPStaking.sol: **not started**
- BridgeVerifier.sol: **not started**
- BridgeCallRouter.sol: **not started**
- NodeStaking.sol: **not started**
- NodeRegistry.sol: **not started**

This page updates as engagements are signed.
