Security

Security documentation for the Seesaw protocol.

Overview

Seesaw is designed with security as a core principle:

Permissionless: No trusted parties required
Trustless: Protocol enforces all rules on-chain
Audited: Security review completed
Open Source: Publicly verifiable

In This Section

Threat Model - Attack surfaces and mitigations
Invariants - Protocol guarantees

Key Security Properties

Property	Description	Enforcement
Solvency	Vault always covers payouts	Runtime checks
No Naked Shorts	Can only sell owned shares	Balance validation
Deterministic	Same inputs = same outputs	Pure functions
Immutable Snapshots	Oracle prices cannot change	One-time write
Idempotent Operations	Safe to retry	State checks

Trust Assumptions

Component	Trust Level	Justification
Solana Runtime	Full	Foundation of execution
Pyth Oracle	High	90+ decentralized providers
SPL Token	Full	Battle-tested standard
Protocol Code	Verified	Audited, open source
Crank Operators	None	Permissionless, incentivized
Users	None	Assume adversarial

Security Measures

Arithmetic Safety

// All arithmetic uses checked operations
let result = a.checked_add(b).ok_or(Error::Overflow)?;
let product = x.checked_mul(y).ok_or(Error::Overflow)?;

Account Validation

// Validate ownership, type, and PDA derivation
validate_owner(account, &program_id)?;
validate_discriminator::<MarketAccount>(account)?;
validate_pda(account, seeds, bump, &program_id)?;

State Machine

// Enforce valid state transitions
require!(
    can_transition(current_state, instruction),
    Error::InvalidStateTransition
);

Reporting Vulnerabilities

Responsible Disclosure

If you discover a vulnerability:

DO NOT exploit or publicize
Report via security@seesaw.markets
Include detailed reproduction steps
Allow 90 days for fix

Bug Bounty

Severity	Reward
Critical	Up to $100,000
High	Up to $25,000
Medium	Up to $5,000
Low	Up to $1,000

Scope

In Scope:

Core protocol smart contract
Oracle integration
Order book logic
Settlement logic

Out of Scope:

Frontend applications
Third-party integrations
Already known issues

Audit Status

January 2026 Audit

Finding	Status
Oracle Price Staleness	Mitigated
Settlement Double-Claim	Mitigated
Crank Liveness DoS	Accepted Risk
Epoch Boundary Race	Mitigated
Price Conversion Precision	Mitigated

See Threat Model for details.

Next Steps

Review Threat Model
Understand Invariants