Security & operations documents
Security overview
Steer operates contracts, adapters, offchain workers, data providers, and privileged operating paths around onchain capital. The security package therefore covers both reviewed code and the operating controls used to deploy, monitor, update, pause, and recover the system.
Independent reviews
The legacy source set contains the following 13 unique public report links. Steer does not use a single aggregate audit count in this room because one engagement can produce multiple reports and a report supports only the code and scope it reviewed.
| Report | Published date | Auditor | Scope |
|---|---|---|---|
| Periphery updates | 2025-12-04 | Omniscia | Periphery updates |
| Base liquidity vaults | 2025-11-27 | Omniscia | Base liquidity vaults |
| Poolshark vaults | 2025-11-27 | Omniscia | Poolshark vaults |
| SushiSwap fee-management ALM | 2025-11-18 | Omniscia | Fee-management ALM |
| Blackhole position manager | 2025-10-16 | Omniscia | Blackhole position manager |
| Uniswap v4 liquidity manager | 2025-09-19 | Omniscia | Uniswap v4 liquidity manager |
| PancakeSwap Infinity hook | 2025-09-03 | Omniscia | PancakeSwap Infinity hook |
| Algebra v4 hook integration | 2025-08-28 | Omniscia | Algebra v4 hook integration |
| Options-vault report | 2024-04-03* | Hashlock | Options vaults with Stryke |
| Algebra Integral position manager and Smart Rewarder | 2024-05-02 | Omniscia | Position manager and Smart Rewarder |
| Algebra strategies | 2023-10-23 | Omniscia | Algebra strategies |
| Core implementation | 2023-10-23 | Omniscia | Core implementation |
| Early core-contract report | 2023-05-02 | Omniscia | Early core contracts |
*The date shown is the label in the prior report index. The controlled audit register uses the date stated in the report itself.
Control areas
| Control area | Coverage | Detailed material |
|---|---|---|
| Smart-contract change management | Review, release approval, privileges, timelocks, guardians, and deployed versions | NDA / restricted |
| Offchain infrastructure | Worker versions, rollout controls, health, telemetry, alerting, and rollback | Restricted |
| Administrative authority | Role inventory, multisig or timelock policy, access review, and recovery | Restricted |
| Integration reliability | Adapter versions, provider dependencies, redundancy, and failure handling | NDA / restricted |
| Monitoring and incident response | Severity, detection, escalation, communication, and postmortem process | Restricted |
| Business continuity | Backup, recovery, dependency, and continuity testing | Restricted |
Matador assurance
Matador’s security package connects the policy mechanism to a deployed product path. It includes the policy schema, authority model, covered paths, deployed versions and addresses, pre- and post-condition tests, example allowed and reverted transactions, independent-review mapping, and emergency or exception controls.
Read the Matador technical overview →
Security document index
| Material | Access | What investors can review |
|---|---|---|
| Public independent-review links | Link access | Open the independent reviews now |
| Audit-to-release and deployment mapping | NDA | Release and deployment mapping after NDA |
| Finding, remediation, and retest register | NDA / restricted | Remediation summary after NDA; sensitive finding details reviewed separately |
| Smart-contract authority and change-control package | Restricted | Authority model, privileged roles, and change-control procedures during security diligence |
| Infrastructure architecture and access controls | Restricted | Infrastructure design and access-control procedures during security diligence |
| Monitoring, incident, and near-miss records | Restricted | Incident-response process and relevant records during security diligence |
| Business-continuity and recovery tests | Restricted | Recovery procedures and test evidence during security diligence |
| Matador policy and transaction-assurance package | NDA / restricted | Policy specifications after NDA; sensitive transaction evidence reviewed separately |
Contact Steer to arrange NDA access or a security diligence review.
