Audit Review Brief
Use this page when you are reviewing OmegaX as an audit firm, diligence reviewer, sponsor security team, or capital partner.
This page orients external reviewers to OmegaX Protocol. It is not a substitute for source review, but it helps reviewers find the protocol surface, SDK, public docs, trust boundaries, and known product limits.
Use the live docs for orientation. If a procurement workflow requires a PDF, export this page from the docs site so the review copy matches the public docs.
Scope
For formal review, OmegaX can provide a pinned public review package. These docs describe the current public integration surface.
A complete review package normally includes:
- Onchain program: custody, reserve, claim, oracle, capital, governance, fee, and emergency-control transitions in the program source.
- Protocol console and adapters: mounted operator, sponsor, capital, governance, oracle, schema, member, and claim surfaces in `omegax-protocol/frontend`.
- Generated interface: IDL, shared contract artifacts, frontend generated artifacts, SDK bindings, and public docs must be compared against the same chosen protocol target. Start with the protocol IDL, shared contract, and SDK generated contract.
- SDK: transaction builders, account readers, PDA helpers, safe wrappers, claim-intent validation, oracle attestation helpers, and protocol-local verification in `omegax-sdk`.
- Public docs: user-facing claims, current product availability, and integration guidance in `omegax-docs`.
- Genesis Protect workflows: the boundary between onchain state and staffed claim review. Use Genesis Claims Operations and Genesis Protect Availability.
Formal review should use exact commit hashes or commit-specific repository links. Branch names alone are not enough.
Current Interface
Use generated artifacts as the reference for counts and account shapes. The current public interface is summarized in Current Program Surface and should be rechecked against the pinned audit commits before final report delivery.
At this review level, the important facts are:
- `programs/omegax_protocol/src/lib.rs` is the Anchor facade and IDL entrypoint.
- Domain modules under `programs/omegax_protocol/src/` are the implementation reference.
- Checked-in generated artifacts live in `idl/`, `shared/`, `frontend/lib/generated/`, and `omegax-sdk/src/generated/`.
- The current generated surface exposes 62 instructions, 31 accounts, and 122 generated types.
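As an added example (not OmegaX code), the kind of drift check a reviewer can run over two generated artifacts that are supposed to describe the same protocol target, such as the checked-in IDL and the SDK generated contract; the artifact shape is reduced to named instructions, accounts, and types, and the sample names are constructed for illustration.

```typescript
// Added example, not OmegaX code: detect drift between two generated artifacts
// (for example idl/ vs omegax-sdk/src/generated/) that must describe one target.
import { createHash } from "crypto";

type Named = { name: string };
export interface Surface { instructions: Named[]; accounts: Named[]; types: Named[] }
export interface DriftReport {
  counts: { instructions: number; accounts: number; types: number }; // from surface A
  hash: string;    // canonical hash of surface A, suitable for a version matrix row
  drift: string[]; // one line per disagreement; empty when the surfaces agree
}

const FAMILIES = ["instructions", "accounts", "types"] as const;

function sortedNames(items: Named[]): string[] {
  return items.map((i) => i.name).sort();
}

// Hash sorted names only, so key order or whitespace differences between
// checked-in JSON files do not register as drift.
export function surfaceHash(s: Surface): string {
  const canon = JSON.stringify(FAMILIES.map((f) => [f, sortedNames(s[f])]));
  return createHash("sha256").update(canon).digest("hex");
}

export function compareSurfaces(a: Surface, b: Surface): DriftReport {
  const drift: string[] = [];
  for (const f of FAMILIES) {
    const an = new Set(sortedNames(a[f]));
    const bn = new Set(sortedNames(b[f]));
    for (const n of an) if (!bn.has(n)) drift.push(`${f}: ${n} missing from B`);
    for (const n of bn) if (!an.has(n)) drift.push(`${f}: ${n} only in B`);
  }
  return {
    counts: { instructions: a.instructions.length, accounts: a.accounts.length, types: a.types.length },
    hash: surfaceHash(a),
    drift,
  };
}

// Constructed samples; the names are illustrative, not the real OmegaX IDL.
export const idlSample: Surface = {
  instructions: [{ name: "initialize_domain" }, { name: "post_reserve" }, { name: "attest_claim" }],
  accounts: [{ name: "ReserveDomain" }, { name: "ClaimCase" }],
  types: [{ name: "ClaimStatus" }],
};
// Regenerated from a different commit: one instruction renamed, so it must be reported.
export const sdkSample: Surface = {
  instructions: [{ name: "initialize_domain" }, { name: "post_reserve" }, { name: "settle_claim" }],
  accounts: [{ name: "ReserveDomain" }, { name: "ClaimCase" }],
  types: [{ name: "ClaimStatus" }],
};
```

Against the real artifacts, load each checked-in JSON into a `Surface`, confirm the counts match the pinned commit, and record `hash` in the version matrix so a later retest can prove it reviewed the same surface.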
Architecture
OmegaX separates health workflow from settlement truth.
| Layer | What it does | What it should not hide |
|---|---|---|
| OmegaX Health | App experience, event production, oracle workflow, and privacy-sensitive claim support. | Economically material reserve or payout accounting. |
| Business Console | Sponsor and operator configuration, monitoring, cohort support, and reporting. | Settlement-critical state that should be replayable from protocol records. |
| OmegaX Protocol | Durable rights, liabilities, reserves, capital positions, attestations, controls, and settlement consequences on Solana. | Raw medical records, private evidence packets, or local human workflow. |
The protocol is reserve-domain-first. Tokens sit in configured domain vaults, while ledgers attribute reserve state across domain, plan, series, funding line, capital class, and allocation scopes. Health plans, policy series, funding lines, claim cases, obligations, liquidity pools, capital classes, and allocation positions are separate objects so sponsor money, member rights, oracle attestations, and LP capital do not collapse into one ambiguous pool.
Read Order
| Step | Read | Why it matters |
|---|---|---|
| 1 | Current Program Surface | Public boundary and instruction families. |
| 2 | Architecture | System map across app, operator, and protocol layers. |
| 3 | Core Objects | Account-level mental model before reading handlers. |
| 4 | Governance and Safety | Emergency controls, governance constraints, and safety posture. |
| 5 | Genesis Claims Operations | Claim evidence, review, holds, disputes, and offchain boundary. |
| 6 | SDK Overview and SDK API Reference | Integration surface, safe helpers, readers, and generated contract shape. |
Security review materials are supplied with the audit package. They identify the source files, generated artifacts, SDK package, and public documentation target being reviewed.
Trust Boundaries
| Boundary | Current model | Reviewer focus |
|---|---|---|
| Onchain enforcement | Program checks authorities, custody transfers, reserve ledger updates, claim state, oracle attestations, redemptions, fees, and emergency controls. | Missing signer checks, incorrect PDA seeds, unchecked token movement, ledger/account drift, arithmetic and state-transition bugs. |
| SDK safety | SDK helpers bind builders and readers to the generated protocol surface and add client-side checks for safer integrations. | Custom program ID handling, account owner checks, stale IDL/generated artifacts, unsafe bypasses, signer-intent mismatch, partial optional account scope. |
| Frontend/operator surfaces | Consoles can help users prepare or review actions, but they should not be treated as the only enforcement layer. | Any claim that frontend review is universal, mandatory, or a substitute for program constraints. |
| Claim evidence | Raw evidence and medical details stay offchain. The protocol anchors hashes, attestations, claim decisions, reserve booking, and settlement consequences. | Metadata leakage, evidence-hash substitution, stale attestations, operator abuse paths, privacy-sensitive logs or exports. |
| Governance and roles | Protocol governance and operational roles are separated by configured authorities and bootstrap controls. | Role collapse, missing multisig, unclear rotation, break-glass usage, broad hot-wallet blast radius. |
Review Areas
| Area | What can go wrong |
|---|---|
| Reserve custody | Ledger balances increase without real token custody, wrong vault signer, settlement from an unintended mint, or reserve attribution becomes ambiguous. |
| Claim lifecycle | Claimant spoofing, evidence replacement after attestation, wrong recipient routing, payout over approved amount, or offchain-only decisions with no replayable state. |
| Oracle and schema registry | Oracle spoofing, stale schema approval, wrong plan or pool binding, replayed attestations, or missing finality checks. |
| LP capital and redemptions | Clients supply payout amounts instead of shares, queued redemptions bypass impairment, NAV math becomes inconsistent, or class restrictions are ignored. |
| Privileged roles | Governance, claims, oracle, sponsor, curator, allocator, or sentinel authority collapses into one key or one undocumented operational path. |
| Generated artifacts | IDL, generated TypeScript, SDK builders, public docs, and frontend adapters drift apart. |
| SDK integration layer | Safe wrappers miss a reserve-moving path, account readers skip owner checks, claim-intent validation accepts the wrong signed transaction, or oracle-attestation helpers accept stale or wrong-context evidence. |
| Release matrix | Protocol source, generated artifacts, SDK package, docs portal, and deployed cluster are reviewed as if they are one commit when they are actually different targets. |
| Public claims | Docs imply broad insurance availability, fully decentralized claims, unsupported reserve-productivity execution, or availability beyond the current bounded product posture. |
Public Limits
OmegaX should be reviewed against the current public claims.
- Public builder integrations target Solana devnet beta.
- Genesis Protect Acute has limited, reserve-gated launch availability and is not broadly available insurance today.
- Phase 0 claim review is staffed and AI-supported, not fully automated or fully decentralized.
- Raw medical records and raw evidence packets stay offchain and out of public docs.
- Posted reserve, collected premiums, explicit sponsor funds, LP allocations, and configured backstops matter; unposted demand and app membership fees do not become claims-paying reserve by themselves.
- Reserve-productivity or yield execution is outside the public claim unless the public protocol interface exposes explicit instructions and policy.
- Formal review is tied to a specific evidence package, not only a moving branch name.
Audit Package
Use this page first, then include:
| Item | Why |
|---|---|
| Exact commit hashes or commit-specific links for omegax-protocol, omegax-sdk, and omegax-docs | Fixes the review target. |
| Version matrix covering protocol commit, SDK package version or commit, docs commit, generated-artifact hashes, cluster, and program ID | Prevents accidental review of mismatched surfaces. |
| Explicit audit scope and non-goals | Prevents reviewers from spending time on unsupported surfaces. |
| Any deployment, program ID, or cluster context that is public and intended for review | Lets reviewers distinguish the supported public cluster and review target. |
| Known open questions or areas where OmegaX wants extra adversarial focus | Produces a better audit than a generic checklist. |
| Preferred report format, severity scale, disclosure process, and retest expectations | Keeps delivery operationally clean. |
A PDF can be exported from this page for procurement, but the live docs page remains the easiest entrypoint for reviewers.