AI-generated security checklist to prepare your project for a professional audit
Owner/admin privileges are properly restricted
Tip: Use multi-sig or DAO governance for critical functions
Multi-sig or timelock for critical functions
Tip: Minimum 2/3 multi-sig recommended for admin keys
Role-based access control implemented
Tip: Separate roles for different permission levels
Emergency pause functionality exists
Tip: Circuit breaker pattern for quick response to exploits
Mint authority is disabled or controlled
Tip: Disabling mint prevents infinite token creation
Freeze authority is disabled or documented
Tip: If retained, document the governance process
Token metadata is immutable or controlled
Tip: Prevent unauthorized metadata changes
Transfer hooks reviewed for security
Tip: Ensure hooks cannot block transfers maliciously
Liquidity is locked for appropriate duration
Tip: Minimum 6-month lock recommended
LP tokens are not held by a single wallet
Tip: Distribute LP tokens to prevent rug pulls
Tokenomics reviewed for sustainability
Tip: Ensure emission schedule is realistic
Slippage parameters are reasonable
Tip: Max slippage should protect against MEV
No unchecked arithmetic operations
Tip: Use Rust's checked_* methods or overflow checks
Reentrancy guards in place
Tip: Use mutex patterns for state-changing functions
Integer overflow/underflow protection
Tip: Enable overflow checks in Cargo.toml
Proper error handling implemented
Tip: Use custom error types with clear messages
Oracle manipulation protections
Tip: Use TWAP or multiple oracle sources
Flash loan attack mitigations
Tip: Add delays or multi-block confirmations
Cross-program invocation (CPI) validated
Tip: Validate all incoming CPI calls
Account validation for all inputs
Tip: Verify ownership, type, and state of accounts
Signer checks on all privileged operations
Tip: Require an is_signer check on all admin functions
Owner validation for PDAs
Tip: Verify program ID owns the PDA
Rent exemption properly handled
Tip: Ensure accounts are rent-exempt
Account discriminators implemented
Tip: Use Anchor discriminators or manual tagging
Not Ready for Audit
Complete the critical items above before proceeding. Focus on the red-labeled items first.