Audit Results
Manish Bhattacharya, a Staff Security Engineer with 9+ years securing FinTech and crypto startups, reviewed the full extension codebase from February 6 to 22, 2026. He’s an 18x Google Vulnerability Research Grant recipient, recognized by Google, Apple, Microsoft, Coinbase, and Stripe.| Critical issues found | 0 |
| Total issues found | 5 (2 high, 3 medium) |
| Issues fixed and verified | 5 of 5 |
| Architecture | Chrome Manifest V3 (latest security model) |
What Was Reviewed
The audit covered the full extension surface: background service workers, content scripts injected into Meteora, Polymarket, and Hyperliquid, authentication flows, message handling between browser contexts, data streaming connections, and all third-party dependencies.What This Means for You
Your keys, your control
The extension never touches your private keys, seed phrases, or passwords. Wallet interactions are strictly read-only.
Encrypted connections
All data between the extension and MetEngine servers travels over encrypted channels.
Verified message handling
The extension validates where every internal message comes from before acting on it.
Clean logout
When you log out, your session ends on both the extension and the server. No lingering connections.
Full Report
Read the complete audit report
14-page PDF with detailed findings, code samples, and fix verification from the auditor.