All programs across the protocol
Our fourth engagement with MetaDAO, and the most extensive: a full audit of the entire protocol, from the futarchy markets to the launchpad and its Squads-based treasury flow. Forty-seven findings in total, one of them a critical loss-of-funds bug, and the team fixed everything that mattered.
MetaDAO is building futarchy: a way of governing where decisions are settled by markets instead of token votes. For each proposal, traders buy and sell conditional pass and fail tokens, and the prices those markets reach decide whether the proposal goes through. Getting the mechanism right matters as much as getting the accounting right, because a market that can be skewed produces a governance signal that is quietly wrong.
The protocol is not one program but several, each with its own job: the futarchy program runs the markets, a launchpad bootstraps new tokens, a bid-wall program supports price, and a performance-package program handles price-based unlocks. They lean on outside programs too, most notably Squads for treasury and multisig. That separation is good design, but it also means the most interesting bugs live in the seams, between MetaDAO programs and between their code and the dependencies they trust.
We pulled from across our practice for this one: DeFi accounting, governance and market-manipulation attacks, cross-program interactions, and the hidden constraints that external dependencies quietly impose. The questions we kept returning to were about fairness. Is the system fair, do users get what they expect, and can anyone engineer an advantage the design never intended to give them?
We read each program on its own, then traced the paths that cross between them and out into Squads, since that is where assumptions tend to break. Across the codebase we surfaced 47 findings, including a critical loss-of-funds bug in liquidity withdrawal that was fixed right away. The two below are not the most severe we reported. They are the two that best show the kind of issue this architecture produces.
A launchpad has to be able to reach a final state, or user funds can get stuck. MetaDAO's completion flow creates a Squads spending limit, and Squads silently rejects member lists that contain duplicates, so a launch set up with duplicate members could be locked from ever completing. A failure that lived entirely in the seam between MetaDAO's code and a hidden constraint inside a dependency they trusted.
Traders take pass and fail positions based on the rules of a live futarchy market: the pass threshold, the manipulation-resistance settings, the proposal duration. Nothing stopped those parameters from being changed while the market was still running. Someone watching a proposal trend against them could move the goalposts after others had committed capital, tilting the outcome in a way no trader could see coming.
What stood out about Accretion was how engaged they were throughout the audit, not just dropping a report at the end. They worked with us iteratively, asked the right questions about intent, and were responsive when we needed to ship.
Submit your protocol for review and we'll respond within 24 hours. Our researchers have prevented 50+ critical exploits across the Solana ecosystem.
Accretion Labs Pte. Ltd.
65 Chulia Street, #46-00 OCBC Centre
Singapore 049513
Singapore
UEN 202502288W
