security audits ↓

Don't trust us. Verify.

Middn's smart contracts and ZK circuits have been independently audited by the best in the industry. Every report is public. Every line of code is open-source. Read it yourself.

0 critical

Audited twice. Zero critical findings.

Trail of Bits and Halborn — two of the most respected security firms in crypto — have reviewed every contract and circuit. A $250k bug bounty is live at Code4rena.

Last audit: April 2026
Next audit: Pre-v0.2 release
Trail of Bits · security firm · NYC
passed ✓
Date: Mar 2026
Duration: 6 weeks
Engineers: 4 senior
LOC reviewed: ~3,200

what they reviewed ↓

  • Escrow factory & instance contracts
  • Atomic swap state machine
  • Fee distribution logic
  • Refund & timeout paths
0 Critical
0 High
2 Medium
4 Info
Halborn · cryptography & ZK · Miami
passed ✓
Date: Apr 2026
Duration: 8 weeks
Engineers: 3 cryptographers
Circuits: 12 reviewed

what they reviewed ↓

  • Groth16 ZK circuits (conditionCheck, balanceProof)
  • Trusted setup ceremony verification
  • AES-256 + X25519 client-side crypto
  • Key derivation & forward secrecy
0 Critical
0 High
1 Medium
3 Info
Code4rena · public contest · global
live ✦
Started: May 2026
Ends: Jun 15, 2026
Wardens: 142 enrolled
Prize pool: $250,000

what's in scope ↓

  • Full smart contract suite (v0.1.4)
  • ZK verifier contract
  • Cross-chain bridge logic
  • Front-end signing flow
Critical
High
3 Medium
17 Info
Internal Sec. · continuous · Middn team
ongoing
Cadence: Weekly
Coverage: 97% test
Fuzz runs: 200k+/day
CI gates: 42 checks

continuous checks ↓

  • Echidna + Foundry fuzzing
  • Slither + Mythril static analysis
  • Formal verification (Certora)
  • Property-based testing on every PR
Critical
High
Medium
Info

Get paid to break us.

We pay serious money for serious findings. The bigger the impact, the bigger the bounty. No legal threats, no NDAs, no gotchas.

up to $250,000

Find a critical bug in our contracts or circuits and we'll pay you generously. The Code4rena contest is open through June 15, with a dedicated rewards table for severity tiers.

Submit a finding

How we ship safely.

Every line of code that touches user funds goes through the same gauntlet. No exceptions, not even for hotfixes.

01

Write, fuzz, repeat.

Every contract change runs through Echidna + Foundry fuzzers for 200,000+ iterations daily. Property-based tests catch invariant violations before code review.

02

Internal review.

Two engineers must sign off. No solo merges, ever. We use Slither + Mythril static analysis on every PR. Anything touching state requires a Certora formal spec.

03

External audit.

Before any production deployment, the change goes to Trail of Bits or Halborn for review. We don't ship to mainnet until the report comes back clean.

04

Public bug bounty.

Once deployed, the code is open to public review on Code4rena and Immunefi. Wardens get up to $250k for critical findings. Lower tiers paid in stablecoins, in 7 days.

05

Monitor in production.

Real-time alerting on every contract via Forta + Tenderly. Anomaly detection, large transfers, unexpected state. Anything weird wakes someone up at 3am.

Verify everything.

open-source

Every line of code, every circuit, every test. Published under MIT.

GitHub

verified on-chain

Every contract is verified on Etherscan with matching bytecode hashes.

Etherscan

reproducible builds

Clone, compile, hash. Same bytes as what's on mainnet. Always.

How to verify
questions? ↓

Security is a team sport.

Want to dig deeper? Read the full whitepaper, run our circuits yourself, or reach out to our security team directly.