> For the complete documentation index, see [llms.txt](https://dualguard.gitbook.io/dualguard/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dualguard.gitbook.io/dualguard/security-reviews/protocol-teams/protocol-involvement-post-audit.md).

# Protocol Involvement Post-Audit

#### Protocol involvement post-audit

Once the review window closes, the focus shifts from discovery to remediation and confirmation. DualGuard coordinates the final issue set, supports the fix process, and verifies remediation before release.

**1) Findings are finalized and validated**

DualGuard reviews submissions and turns them into a clear, actionable issue list. This step includes validation, deduplication, and severity alignment so the protocol team works from confirmed findings instead of raw reports.

DualGuard prioritizes issues that materially affect security. High and medium severity findings get the most attention because they are the most likely to cause loss of funds or a meaningful system compromise.

**2) Protocol reviews the final issue set**

After the protocol receives the final list, the team assigns a disposition to each item:

* Planned for remediation in the upcoming release
* Accepted risk
* Disputed or pending clarification where protocol context may change impact

There is no universal deadline for this step. The practical requirement is timely response so remediation and verification can stay aligned with the release plan.

**3) Remediation and PR linking**

For issues marked for remediation, the protocol implements patches and links each change to the related finding, usually through separate PRs. This keeps the record easy to audit and makes fix verification faster and more reliable.

**4) Fix verification**

DualGuard then reviews the patch set to confirm:

* the original issue is fully resolved
* the fix matches the intended behavior
* the patch does not introduce new risk

For staffed engagements, the assigned review team performs fix verification. For contest-based reviews, the same principle applies: reviewers validate the relevant patch set against the confirmed findings.

**5) Final report and release readiness**

After fix verification is complete, DualGuard delivers the final report with validated findings, final severity decisions, and verification status. This report serves as the record for internal sign-off and release readiness.<br>

**Follow-up review windows**

Sometimes remediation materially changes the attack surface, such as large refactors, new modules, accounting changes, or new integrations. When the patch set is too large to verify confidently in a short window, DualGuard may recommend a focused follow-up review before sign-off.
