Internal Security Audit
BSC and Base contract review, live-state verification, and post-hardening assessment
Date: 2026-07-04
Audit execution: Internal AI-assisted security review executed by GitHub Copilot using GPT-5.4, based on repository source inspection, live chain-state verification, operational hardening evidence, and backend validation performed on the current PSUSD deployment.
Scope: BSC and Base PSUSD contracts. Live result: hardened in place. Residual risk: moderate.
Outcome: The PSUSD live deployment was hardened in place without redeploying the core contracts. Security posture improved materially, but the final target state has not yet been fully reached.
Before: high operational centralization risk. After: moderate residual operational risk.
This report covers the PSUSD BSC and Base contract stack, the live production deployment state, and the security hardening actions completed during this audit cycle.
PSUSDCanonicalBridgeMintBurnAttested.solPSUSDCanonicalBridgeMintBurnAttestedRedeemable.solPSUSDCanonicalBridgeMintBurnAttestedMirroredReserve.solPSUSDCanonicalBridgeMintBurnAttestedMirroredReserveStrict.solPSUSDSatelliteRedemptionVault.solPSUSDBaseAsyncRedeemCoordinator.solPSUSDReserveRebalancerCoordinator.solPSUSDAutoMintRouter.sol0x71Dab0d2954Cf9Ae7F9Ccb5E4AD4044497c4B24E0x17ce373E51d652941Ee3B4c81fA04800Ba12E1510xE6666A6Ed1fD2E7B73038aC6B4BFce20f3E4521b0x9353D661064A71bAa360238D4bBE7A2446C36DE9PSUSDCanonicalBridgeMintBurnAttested.solCoverage: Source reviewed and live ownership / role state checked.
Main notes: Source review identified surplus-attribution risk in the strict attested path. Repository hardening exists; live conclusions remain tied only to explicitly verified deployment state.
PSUSDCanonicalBridgeMintBurnAttestedRedeemable.solCoverage: Source reviewed.
Main notes: No separate standalone critical issue was isolated in this pass beyond inherited owner / operator concentration risk.
PSUSDCanonicalBridgeMintBurnAttestedMirroredReserve.solCoverage: Source reviewed.
Main notes: Repository review identified the need to bind reserve release to real bridge demand and approved recipients.
PSUSDCanonicalBridgeMintBurnAttestedMirroredReserveStrict.solCoverage: Source reviewed and live role state verified.
Main notes: Operationally important because it sits on the live BSC/Base strict token path. Residual live risk is mainly role concentration.
PSUSDSatelliteRedemptionVault.solCoverage: Source reviewed and live ownership / fee recipient / rebalancer state verified.
Main notes: Owner and fee-recipient posture improved. Rebalancer concentration remains an open residual risk.
PSUSDBaseAsyncRedeemCoordinator.solCoverage: Source reviewed and live deployment status partially checked.
Main notes: Repository source includes stronger pause / cancel behavior. Live bytecode / source parity remains a follow-up item.
PSUSDReserveRebalancerCoordinator.solCoverage: Source reviewed.
Main notes: Repository hardening added duplicate active-request blocking. Residual live concern is operational key concentration.
PSUSDAutoMintRouter.solCoverage: Source reviewed.
Main notes: Included in code-review scope. No standalone live critical issue was elevated above the broader PSUSD admin and operator control risks in this pass.
0xc6dB5C0d67A2e6F8556acE7f3e0d8cDD916286Da0x293Be3DB5cdD11c2CeA7D739626ba910322926F90xCDb08A6ee057AbFeA7BD4b2F4A3c3A536cae5A8D0x756f2Ee96B7c57932FDFf8090cb671C1779581100x756f2Ee96B7c57932FDFf8090cb671C177958110The contract review portion of this audit covered the PSUSD Solidity code itself, not only the live operational setup. That review identified important code-level areas around surplus attribution, reserve release controls, and operator-assisted guardrails in async / rebalancer support contracts.
Impact: these were real contract-level security and correctness concerns in the reviewed codebase, especially for future deployments or parity-sensitive live components.
Recommendation: keep the hardened repository implementations as the source of truth for future deployments and verify live bytecode parity where operationally relevant.
The live owner is no longer the original concentrated operational wallet, but it is still a single EOA rather than a multisig.
Impact: compromise of the new owner EOA would still allow owner-level reconfiguration.
Recommendation: migrate owner to a multisig.
The reserve-moving role and the Base vault rebalancer are still on the legacy hot wallet.
Impact: reserve and liquidity operations still have a larger-than-ideal blast radius.
Recommendation: split these hot roles when operations are ready.
The local repository contains stronger async control logic than what was earlier observed on the documented live coordinator deployment.
Impact: emergency assumptions for the async redeem coordinator should be treated cautiously until bytecode parity is confirmed.
Recommendation: perform explicit live bytecode/source parity verification for the coordinator.
This hardening cycle intentionally preserved live contract addresses and existing integrations.
The repository source tree contains additional hardening work beyond the live in-place role rotation.
Important distinction: this audit explicitly separates contract-level source hardening from what was directly verified on live deployed contracts. The PSUSD BSC and Base contracts were part of the audit scope, but live conclusions are intentionally limited to state and behavior that were directly validated.
0x765edb258bdb2e9deb39e7f5be70e31d03dbb2519f7879e730d2e1378392a15a0xccaa93cb31af2ed85759eca3cc547fae053a5b9b5306a31f44ebda028fa011320x0edf14bb071e2020190d2e83eea7a2b613fe1fb0c713de975a02d68a996724f50xa29936b049aafb6a78c58b206c243809cb51bde070b7e6519b850a0ac70b41570x4795e846ca38a61daec5ae455a100ad886326a6a63e07bb2f350b2f53769cfe70x3bbc339441be3a6023e7db68da005ccec15dc04d6478cb2c291308e0c5f747acThis audit cycle produced a real live security improvement. The deployment is safer than before, but not yet at its ideal end state.
Priority next steps are: multisig owner migration, reserve operator / rebalancer split, and explicit live coordinator parity verification.