Tetu was audited by DeFiYield. Most of critical issues were solved and DeFiYield conclusion was the following:
"The audited contracts are the main part of the Tetu.io ecosystem. Contracts are well written and commented with good readability. The Tetu team did a lot of work to remove all previously found vulnerabilities, including critical centralization issues. Timelock with announcement logic was provided for every critical contract change. It’s important to point out that the Controller contract still features certain centralization degree: the functions mintAndDistribute() and controllerTokenMove() enable the contract owner to have control over the protocol’s token distribution, but with the timelock delay. We are confident that any token distribution should be fully decentralized. However, there are no critical issues left, and users have an ability to monitor all announcements related to the token transfers. No suspicious functions were revealed during the auditing."