• The engagement teams will not start looking at a codebase until the finalized frozen commit is provided.
• Guardian will not review codebases with < 80% test coverage, exceptions may be made if there is an understanding that this will not be the final audit.
• The protocol team is expected to prepare the necessary documentation and diagrams to shorten the context phase of the audit, including but not limited to:
  • What are the goals of the protocol?
  • What is the user flow?
  • Where are funds stored?
  • Who are the key actors in the system and what are their levels of access control?
• The protocol team acknowledges that Guardian recommends that they seek another security review if 5 or more critical/high severity findings are uncovered.