# Audited by Solidity.Finance

We had a successful audit from Solidity.Finance available here: <https://solidity.finance/audits/DeepFreeze/>\
\
The main things to note in the audit:\
\
\- They found a potential re-entrancy issue with how we approved withdrawals prior to sending withdrawals. Although they were not able to exploit this in testing due to withdrawals happening via NFT redemption, it was erroneous code that we are glad they found and we have removed.\
\
\- They note that the owner of the frETH and NFT contracts has the power to mint frETH and Freezer NFTs arbitrarily. We explained our intention to call the setOnlyGovernor() function to relinquish these controls to TrueFreezeGovernor() and they confirmed once we are live on mainnet they will review and update the audit at the same link.\
\
Here is proof of setOnlyGovernor() being called on the NFT Contract to relinquish control:\
<https://etherscan.io/tx/0x83bafdaeb17bdb82d6e330b438fdb2c30a700761a90249605c0a3efb5c1fb5af>\
\
Here is proof of setOnlyGovernor() being called on the frETH Contract to relinquish control:\
<https://etherscan.io/tx/0x01133952aca8db19e2dd45f970830d9ad05e8049b4cae356820dbbf64379d1fb>\
\
NOTE: Just because we were audited does **not** mean there is no smart contract risk. Smart contract risk is always present. True Freeze contracts are **immutable** and there is no DAO or entity or mechanism to recover user funds if Solidity Finance's audit missed an exploit.\
\
[common-risks-in-defi-to-understand](https://deepfreezellc.gitbook.io/true-freeze/origins/common-risks-in-defi-to-understand "mention")<br>