Before a full audit, every protocol should verify core invariants: accounting conservation, role boundaries, upgrade authority, oracle assumptions, liquidation math, rounding, external calls, pause/shutdown paths, and fee flows.
Atlas security audits currently focus on turning these checks into repeatable candidate-finding workflows for Cantina/HackenProof-style programs and protocol pre-audit packages.
Future focus: move from broad checklist content to proof-driven modules: each module should produce a specific hypothesis, test scaffold, and report outline.