At Tinyman, we’re thrilled for the upcoming launch of incentivized consensus on Algorand. This is an important step toward greater decentralization and the long-term sustainability of the network. We’re proud to be a part of this evolution by introducing tALGO, the Liquid Staking Token. This new offering gives all ALGO holders the opportunity to contribute to Algorand’s security, earn staking rewards, and provide liquidity on Tinyman — all simultaneously.
Our Commitment to Security and Transparency
As always, security and transparency are at the heart of everything we do at Tinyman. Building on the success of our Tinyman Governance peer review process, we continued this practice with the audit of the tALGO Staking & Re-Staking contracts. We collaborated with a team of well-known, expert Algorand developers to ensure that our staking contracts meet the highest standards.
Audit Team
The following experts were involved in reviewing the tALGO contracts:
- Mariano Dominguez — Vestige Labs
- Kevin Wellenzohn & Hannes Mitterer — Blockshake/Defly
- Steve Ferrigno (nullun) — Algorand Foundation Engineer & long-time Tinyman community member
Audit Process
We provided the reviewers with comprehensive documentation, including:
- An overview of the system design and its intended functionality
- Source code written in Tealish and the corresponding Teal code
- Note: The audit did not include any user interfaces (UIs) or software development kits (SDKs).
The review process was designed to be collaborative and non-competitive. Team members shared their findings freely, encouraging open discussion and further investigation. At the end of the process, each reviewer submitted an independent report detailing their approach, findings, and any recommendations for improvements.
Compensation for Reviewers
The audit team was compensated in USDC from Tinyman’s development funds, reflecting our appreciation for their time and effort.
Findings & Recommendations
During the audit, the reviewers identified several issues of varying severity, all of which helped us refine and improve the code. These findings have been fully addressed, ensuring that the system is both secure and user-friendly. A summary of the findings, along with our responses and any changes made, can be found in the Appendix: Summary of Findings & Responses.
Key Design Considerations
While the contracts include permissioned methods, they are role-based and limited in scope. These were carefully considered to ensure that manager roles could not affect users’ principal stakes or previously earned rewards through any action or inaction — even if the manager account were compromised. The reviewers thoroughly analyzed the code from this perspective, helping us confirm that these goals were met.
Commendation for Transparency and Security
The review team commended Tinyman’s commitment to transparency and security, highlighting that the contracts are immutable and source available, ensuring the protocol’s integrity and openness.
Acknowledgments
We would like to extend our sincere thanks to the reviewers for their diligent efforts and valuable contributions. Their hard work has helped us create a more secure and robust protocol for the entire community.
Source Code & Specification Doc
The contract source code and full documentation for the tALGO Staking & Re-Staking system are publicly available here:
tALGO Source Code & Documentation
Review Reports
- Mariano Dominguez — Vestige Labs
- Kevin Wellenzohn & Hannes Mitterer — Blockshake/Defly
- Steve Ferrigno (nullun) — Algorand Foundation
Appendix: Summary of Findings & Responses
The document below summarizes the findings from all the reviewers and includes our responses, as well as references to remediation steps where necessary.
Summary of Findings & Responses
Join Us on This Exciting New Journey!
With the audit now successfully completed, we’re almost ready to launch Liquid Staking. Are you ready to be part of this next big step?
Stay up to date and engage with us by joining our community on Discord or following us on Twitter for the latest news and updates.
Stay Connected and Get Involved!
