Is the DAO secure?

ATMTA has engaged leading cybersecurity firm Kudelski Security to audit the programs used by the DAO.

A look at the audits, best practices, and ongoing efforts to ensure the safety of Star Atlas DAO systems.

Third-Party Security Audits

ATMTA engaged Kudelski Security, a leading blockchain cybersecurity firm, to audit the DAO's core programs:

  • Audited Programs: GATE Proxy Rewarder and Snapshot

  • Audit Dates: June 20 – July 1, 2022

  • Audit Goals:

    • Assess ATMTA’s overall security posture

    • Identify vulnerabilities or logic flaws

    • Recommend improvements

Categories Audited:

  • Authentication

  • Authorization & Access Control

  • Injection & Tampering

  • Configuration

  • Logic Flaws

  • Cryptography

Findings and Results

Kudelski discovered:

  • 1 medium-severity issue

  • 1 low-severity issue

  • 4 informational items

ATMTA has mitigated all findings. No issues affected user funds.

Additional DAO Programs and Security

Other DAO programs (Tribeca’s locked-voter and governor, and the Goki SmartWallet) were audited separately by third parties and are planned for further audits by Kudelski.

ATMTA continues to work with Kudelski to perform threat modeling on high-risk entry points across all Solana-based programs.

Important Note About Smart Contracts

No audit can guarantee 100% safety of any program. Smart contracts—especially those managing treasury assets—carry inherent risks. Irreversible transactions mean caution is always necessary.

Design Measures to Protect Users

ATMTA has implemented strong protections:

  • Escrowed User Funds: Users lock funds in individual escrow accounts, and those funds cannot be withdrawn by others

  • Minimal Active Treasury: The rewards treasury is kept as small as necessary to cover pending rewards

  • Multisig Governance (Coming Soon): Treasury emergency controls and upgrade authorities will eventually move to multisig control

  • Controlled Deployments: ATMTA re-deploys audited third-party programs to ensure control over the deployed source code

Confidence in Code Readiness

  • Locked-voter program has already been live on Solana mainnet for months

  • Over $6 million in Solana tokens are locked in the Tribeca deployment

  • Tens of millions more are deployed in similar forks

  • ATMTA has committed to locking over $80 million in team POLIS, underscoring trust in the system’s security