Security Model
Threat Matrix
| Threat | Severity | Mitigation |
|---|---|---|
| Reentrancy | Critical | Custom ReentrancyGuard on all state-mutating facets (EIP-1153 tstore/tload) |
| Oracle manipulation | High | TWAP (not spot) as primary anchor; staleness circuit breaker |
| Flash loan attacks | High | Progressive fees make large instant trades prohibitively expensive |
| Sandwich attacks | High | Slippage protection in Router; deadline enforcement; quadratic fees |
| Storage collision | High | Single AppStorage struct at deterministic slot (EIP-2535 pattern) |
| Facet selector clash | Medium | DiamondCutFacet validates no duplicate selectors on upgrade |
| Integer overflow | Medium | Solidity 0.8.27 checked math; unchecked only in proven-safe paths |
| Unauthorized upgrade | High | OwnershipFacet restricts diamondCut to owner |
| Token transfer failure | Medium | SafeTransfer library handles non-standard ERC-20 returns |
| Price manipulation | High | Sigmoid curve bounds max price impact; fees punish large trades |
Access Control
| Operation | Who Can Call |
|---|---|
| Create pool | Anyone (permissionless) |
| Initialize pool | Anyone |
| Swap | Anyone |
| Add/remove liquidity | Anyone |
| Collect LP fees | Position owner only |
| Collect protocol fees | Owner or treasury |
| Set fee config | Owner only |
| Set oracle peg | Owner only |
| Pause/unpause | Owner or pause guardians |
| Diamond cut (upgrade) | Owner only |
| Execute orders | Anyone (keeper bounty) |
| Advance epoch | Anyone |
Reentrancy Protection
The protocol uses EIP-1153 transient storage for the reentrancy guard:
```solidity
// Before state mutation
tstore(REENTRANCY_SLOT, 2) // _ENTERED
// After state mutation
tstore(REENTRANCY_SLOT, 1) // _NOT_ENTERED
```

Transient storage is cleared at the end of each transaction, saving approximately 2,600 gas compared to traditional SSTORE-based guards.
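The snippet above shows only the two writes; a working guard also reads the slot first and reverts when it is already set. The following is an added example, not the protocol's own ReentrancyGuard: the slot derivation, the `ReentrantCall` error, and the `ExampleVault` contract are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: GPL-3.0-only
pragma solidity 0.8.27;

// Added illustration, not the protocol's code. Requires EVM version cancun or later.
abstract contract TransientReentrancyGuard {
    // Hypothetical slot; the protocol's real REENTRANCY_SLOT value is not shown on the page.
    bytes32 private constant REENTRANCY_SLOT = keccak256("example.transient.reentrancy.guard");
    uint256 private constant _ENTERED = 2;

    error ReentrantCall();

    modifier nonReentrant() {
        // Copy to a local: inline assembly cannot read a constant built from keccak256.
        bytes32 slot = REENTRANCY_SLOT;
        uint256 status;
        assembly ("memory-safe") {
            status := tload(slot)
        }
        // A fresh transaction reads 0 here, so only _ENTERED means "locked".
        if (status == _ENTERED) revert ReentrantCall();
        assembly ("memory-safe") {
            tstore(slot, 2) // _ENTERED
        }
        _;
        assembly ("memory-safe") {
            tstore(slot, 1) // _NOT_ENTERED
        }
    }
}

// Hypothetical standalone contract showing the guard around an external call.
contract ExampleVault is TransientReentrancyGuard {
    mapping(address => uint256) public balances;

    function deposit() external payable nonReentrant {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0; // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        // A nested call into deposit() or withdraw() reverts with ReentrantCall.
        require(ok, "transfer failed");
    }
}
```

In a diamond, facets run via delegatecall, so the transient slot belongs to the diamond's context and a single guard slot covers every facet.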
Flash Loan Safety
Flash loans are safe because:
- The fee (default 9 bps) is enforced at the protocol level
- The callback must return a specific magic value
- Tokens are pulled back in the same transaction
- The progressive fee structure makes flash-loan-based price manipulation unprofitable
Upgrade Security
Current: Owner-controlled diamondCut with no timelock.
Planned upgrade path:
- Phase 1 (current): Owner-controlled diamondCut
- Phase 2: 48-hour timelock on all facet upgrades
- Phase 3: Governance token + on-chain voting
- Phase 4: Freeze diamondCut permanently (immutable)
Audit Status
- Static analysis: Slither configured (slither.config.json)
- Fuzz testing: Foundry fuzz tests with 10,000+ runs per property
- Unit tests: 23 Hardhat tests covering all facets
- Integration tests: 7 E2E scenario tests
- Live tests: 23/23 checks passing on Paxeer mainnet
License
Licensed under the GNU General Public License v3.0; see LICENSE for terms.
Copyright (C) 2026 PaxLabs Inc.
SPDX-License-Identifier: GPL-3.0-only
Contact & Resources
| Resource | Link |
|---|---|
| Protocol Documentation | docs.hyperpaxeer.com |
| Block Explorer | paxscan.paxeer.app |
| Sidiora Exchange | app.hyperpaxeer.com |
| Website | paxeer.app |
| Twitter/X | @paxeer_app |
| General Inquiries | infopaxeer@paxeer.app |
| Security Reports | security@paxeer.app |