# HYBX OMNL — external audit checklist

Use this with a third-party firm before high-value production. Scope aligns with [SECURITY_THREAT_MODEL.md](SECURITY_THREAT_MODEL.md).

## Solidity (in scope)

- [ ] `PolicyMath.sol` — rounding, overflow, parameter bounds vs documented policy.
- [ ] `InstrumentRegistry.sol` — role changes, line lifecycle, token registration assumptions.
- [ ] `ReserveCommitmentStore.sol` — `commitReserve` / `commitReserveAttested`, ECDSA digest, replay, threshold logic.
- [ ] `ComplianceCore.sol` — `getCompliance` semantics vs `PolicyMath`, stale attestation, `reportingCompliant`.
- [ ] `OMNLCircuitBreaker.sol` — pause semantics, admin roles.
- [ ] `OMNLMirrorReceiver.sol` — CCIP payload decoding, selector allowlist, monotonic version.
- [ ] `OMNLMirrorCoordinator.sol` — native vs ERC-20 fee path, `approve`/`SafeERC20`, reentrancy surface (minimal).

## Operational evidence to provide auditors

- [ ] Deployed addresses per chain (138 / 651940) and verification on block explorers.
- [ ] Key ceremony summary (HSM / multisig); no plaintext prod keys in CI.
- [ ] CCIP lane configuration (router, selectors, fee token).
- [ ] Sample `ReserveCommitted` and mirror receive transactions on testnet/staging.

## Off-chain (optional scope)

- [ ] Token-aggregation OMNL routes — rate limits, `OMNL_API_KEY` usage, webhook HMAC verification at receivers.
- [ ] IPSAS registry / journal matrix change control (who can commit, how hash is anchored).

## Sign-off

| Finding | Severity | Remediation | Retest date |
|---------|----------|-------------|-------------|
| | | | |