Security
This page outlines the security measures implemented in Möbius to protect user funds and ensure system integrity. Security is an ongoing priority, and we will continue to add and refine measures.
Last updated
This page outlines the security measures implemented in Möbius to protect user funds and ensure system integrity. Security is an ongoing priority, and we will continue to add and refine measures.
Last updated
Möbius is undergoing an audit by a reputable third-party smart contract security auditor. The full audit report will be made available prior to the mainnet launch, and additional details will be disclosed as part of our commitment to transparency and security.
The Möbius contracts have undergone formal verification, a rigorous method of ensuring security that is adopted by blue-chip DeFi protocols. Through formal verification, we mathematically prove that the Möbius system is resistant to attacks. This process involves solving Boolean satisfiability problems to ensure that certain properties hold true in all transaction scenarios. In simpler terms, we have proven that Möbius contracts cannot leak liquidity in any sequence of function calls no matter the inputs.
Acknowledgement: Special thanks to Mate Soos at Ethereum Foundation for their work on and their invaluable support in our verification process.
To further reduce the attack surface and increase user confidence, the Möbius pool features a restrictive interface that disallows functions like swap, deposit, and withdraw from being called within the same transaction. This measure effectively makes flash loan attacks, which rely on executing multiple operations in a single transaction, virtually impossible. This security measure does not compromise the user experience or composability of Möbius, as normal use cases for traders, liquidity providers, aggregators, and arbitragers do not require multiple function calls within a single transaction.