Security Audits
Olla's core contracts have been independently audited by Pashov Audit Group. The full report is available as a PDF:
About Pashov Audit Group
Pashov Audit Group consists of 40+ freelance security researchers, who are well proven in the space -- most have earned over $100k in public contest rewards, are multi-time champions or have truly excelled in audits with us. We only work with proven and motivated talent.
With over 300 security audits completed -- uncovering and helping patch thousands of vulnerabilities -- the group strives to create the absolute very best audit journey possible.
While 100% security is never possible to guarantee, we do guarantee you our team's best efforts for your project.
Check out their previous work here or reach out on Twitter @pashovkrum.
Disclaimer
A smart contract security review can never verify the complete absence of vulnerabilities. This is a time, resource and expertise bound effort where we try to find as many vulnerabilities as possible. We can not guarantee 100% security after the review or even if the review will find any problems with your smart contracts. Subsequent security reviews, bug bounty programs and on-chain monitoring are strongly recommended.
Executive Summary
A time-boxed security review of the ollafinance/core repository was done by Pashov Audit
Group, during which ast3ros, DemoreXTess, TejasWarambhe, trtrth, ValvesSecurity engaged to
review Olla. A total of 58 issues were uncovered.
| Project Name | Olla |
| Protocol Type | ERC7540 liquid staking protocol |
| Timeline | April 8th 2026 - April 21st 2026 |
| Review commit | f9c8502 |
| Fixes review commit | 5be8601 |
Scope
| Contract | Contract |
|---|---|
OllaCore.sol | RewardsAccumulator.sol |
IOllaCore.sol | IRewardsAccumulator.sol |
GovernanceLib.sol | IOllaGovernance.sol |
OllaGovernance.sol | ISafetyModule.sol |
SafetyModule.sol | RolesLib.sol |
StakingManager.sol | StakingProviderRegistry.sol |
IAztecRollup.sol | IAztecRollupRegistry.sol |
IStakingManager.sol | IStakingProviderRegistry.sol |
AztecTypes.sol | BN254Lib.sol |
QueueLib.sol | OllaVault.sol |
StAztec.sol | WithdrawalQueue.sol |
IOllaVault.sol | IStAztec.sol |
IWithdrawalQueue.sol |
Reporting a Vulnerability
Please follow the Security Policy for responsible disclosure.
Do not open a public GitHub issue or pull request for security vulnerabilities.