Back to Blog
BenchmarkSmart ContractsWeb3Governance

88% High Detection on veRWA in 19 Minutes: Vote-Escrow Governance Benchmark

March 19, 20264 min readRedVolt Team

Vote-escrow governance is a specific kind of nightmare to audit. Locks, epochs, weight decay, delegation, gauge systems — the bugs live in the interaction between time and state, not in individual functions. veRWA's Code4rena 2023-08 contest exposed eight high-severity findings across 749 lines of Solidity. We ran our AI engine against the same codebase and caught seven of the eight — in 18.7 minutes.

The Results

88%

High Detection (7/8)

67%

Medium Detection (2/3)

18.7 min

Total Audit Time

749

Lines of Solidity

This is the kind of protocol where most automated scanners produce noise and no signal. Pattern matchers do not understand the concept of "vote delegation expiring at the wrong epoch." You need an engine that can reason about temporal state, role hierarchies, and adversarial incentives. That is what we built.

The Target: veRWA Governance

veRWA is a Curve-style vote-escrow governance system adapted for real-world asset gauges. It consists of four main contracts tightly woven together:

Governance Surface

VotingEscrow

Users lock tokens for time-weighted voting power. Lock duration drives voting weight via linear decay.

GaugeController

Weekly weight snapshots per gauge. Voters direct their voting power. Admins can add or remove gauges.

LendingLedger

Epoch-based reward accrual for depositors into whitelisted markets. Depends on VotingEscrow balances at epoch boundaries.

Delegation

Voters can delegate their voting power. The delegation unwind path is where the worst bugs lived.

Every High-Severity Finding

C4 High Finding

  • H-01: Weekly reward theft via point-in-time balance snapshots
  • H-02: Vote multiplication — GaugeController votes not invalidated on delegation change
  • H-03: Adding a gauge without admin init loses all voting power
  • H-04: Delegated votes locked when owner lock expires
  • H-05: DoS on all gauge functions via slope underflow
  • H-06: Forced long lock times to undelegate back to self
  • H-07: Missing access control in LendingLedger checkpoint functions
  • H-08: Gauge removal permanently locks user voting power

Detection

  • DETECTED
  • DETECTED (CRITICAL)
  • DETECTED
  • DETECTED (CRITICAL)
  • DETECTED
  • DETECTED
  • MISSED
  • DETECTED

Seven out of eight highs detected. We missed H-07 (checkpoint-griefing via missing access control on checkpoint_lender / checkpoint_market) — a specific permission bug that our access-control agent should have flagged. That detection gap is now on our roadmap.

Two Findings We Upgraded Above C4

Our severity calibrator upgraded two of the C4 highs to Critical based on exploit evidence:

  • H-02 → Critical: Vote multiplication via delegation means a single voter can effectively cast unlimited votes. That is the kind of bug that decides governance outcomes.
  • H-04 → Critical: Delegated tokens get permanently locked when the owner's lock expires. User funds are unrecoverable. That is as bad as it gets.

Our rules say Critical only when the exploit path has zero prerequisites. Both of these qualify — anyone with locked tokens can trigger them.

Medium-Severity Coverage

2/3

Medium Findings Detected

M-01

Gauge Weight Front-Run

M-02

Lock Misalignment

17

Total Findings in Report

Two of three C4 mediums caught. The miss (M-03, underflow-protection variable rename in _change_gauge_weight) was subtle enough that it required specific knowledge of the prior audit history to flag correctly.

Why 19 Minutes Matters

The original Code4rena contest gave wardens days to analyze this protocol. Our AI engine delivered an 88% high-severity detection rate in 18.7 minutes. That is not a replacement for a careful manual audit at a protocol launch — but it is a massive step change in what continuous security monitoring can look like. You can run this audit every day. You can run it on every pull request. You can run it before you ship.

⚠️What This Means in Practice

For a team shipping governance code, this is the difference between "we audited once at launch and hoped" and "we audit every change before it hits main." When the audit takes 19 minutes instead of 19 days, the economic calculus flips.

The Honest Comparison

What We Caught

  • Vote multiplication via delegation (upgraded to Critical)
  • Permanently-locked delegated funds (upgraded to Critical)
  • Slope-underflow DoS on all gauge functions
  • Epoch-boundary reward-theft via balance snapshots

What We Missed

  • Checkpoint griefing via missing access control
  • Underflow-protection variable rename edge case

Try It Yourself

88%

High Severity Found

7/8

Critical Bugs Caught

18.7 min

Completed In

PoC

Every High Verified

Governance protocols are where bugs cost the most. We published our detection rate against a real, scored benchmark. Ask your current auditor for theirs.

Audit Your Smart Contract

Related reading

BenchmarkSmart Contracts

86% High Detection on BakerFi: 6 of 7 Criticals Caught in a 2,028-Line Yield Protocol

BakerFi ran on Code4rena in December 2024. We ran the same audit through our AI pipeline. Six of seven high-severity findings detected, including fee-evasion access control and the ERC4626 allowance exploit — all with runnable PoCs.

Mar 18, 2026 · 4 min read
BenchmarkSmart Contracts

First Rust/Solana Benchmark: 100% Critical, 90% High Detection on Jito Restaking

We benchmarked our AI audit engine against Jito Restaking — a 9,000-line Rust/Solana protocol that was the subject of four professional audits and a $150,000 Immunefi bug bounty competition. This is RedVolt's first Rust/Solana benchmark, and the results exceeded our expectations.

Mar 10, 2026 · 6 min read
BenchmarkSmart Contracts

100% Detection, 100% PoC Verified: Our Smart Contract Audit vs Code4rena VTVL

We benchmarked our AI audit engine against a real Code4rena contest. Every high and medium finding detected. Every PoC verified by Foundry. 100% severity accuracy. Here are the full results.

Feb 25, 2026 · 5 min read

Want to secure your application or smart contract?

Request an Expert Review