Contract audit before mainnet deployment

[alexanderkoh]

Description

All contracts need independent security review before mainnet deployment.

Contracts to audit

1. Treasury (~100 LOC) — simple but holds all FLASH tokens
2. Campaign Manager v2 (~550 LOC) — core protocol logic
3. TinyAMM (~500 LOC) — protocol-owned AMM with new swap_received/deposit functions

Key areas to review

• Authorization: all state-changing functions have proper require_auth()
• Token handling: no funds can be lost or stuck
• Vesting math: linear vesting at 0%, partial, 100% — rounding, edge cases
• Reward distribution: proportional to weight, no over-distribution
• Re-join accumulation: LP and weight correctly updated
• swap_received / deposit — no auth means anyone with tokens in the AMM can trigger
• Integer overflow: all arithmetic uses checked_mul/checked_div
• Storage TTL: persistent entries don't expire unexpectedly
• Cross-contract calls: TinyAMM and Hoops adapter interactions

Known issues to flag to auditor

• TinyAMM lp_transfer has no require_auth — needs fixing
• swap_received intentionally has no auth (tokens must be pre-transferred)
• Campaign Manager uses authorize_as_current_contract — removed in latest version in favor of pre-transfer pattern