The most critical subjects covered in our audit are functional correctness and frontrunning resistance. Functional correctness is high.
While the conduit withdraw() function can be frontrun, it is only called by members of the SubDAO, who can mitigate the risk, if necessary, by submitting such transactions through more private channels for inclusion in the blockchain.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.