Are Exolane Smart Contracts Audited?
Yes. Exolane's smart contracts have been audited 7 times by two independent security firms: 6 audits by Sherlock and 1 by Zellic. The audits cover the core protocol, oracle integration, collateral system, liquidation logic, funding rate math, position management, vault contracts, and access controls.
✓ All Critical & High Findings Resolved
Every critical and high-severity finding across all 7 audits was acknowledged by the development team, fixed in subsequent code versions, and verified by the auditing firm in follow-up reviews.
Audit Timeline
| Date | Auditor | Version | Focus |
|---|---|---|---|
| Aug 2023 | Sherlock | V2 | Core Protocol |
| Aug 2023 | Zellic | V2 | Core Contracts |
| Sep 2023 | Sherlock | V2 Fix | Issue Remediation |
| Oct 2023 | Sherlock | V2.1 | Protocol Updates |
| Mar 2024 | Sherlock | V2.2 | Protocol Updates |
| Aug 2024 | Sherlock | V2.3 | Protocol Updates |
| Feb 2025 | Sherlock | V2.4 | Protocol Updates |
What Was Audited
Finding Resolution
All critical and high-severity findings across all audits were:
- Acknowledged by the development team
- Fixed in subsequent code versions
- Verified by the auditing firm in follow-up reviews
Fix review audits (like the September 2023 Sherlock review) were specifically conducted to verify that previously identified issues were properly resolved.
About the Auditors
Sherlock (6 audits)
Sherlock combines traditional expert-led audits with decentralized security contests. They have secured hundreds of DeFi protocols and provide ongoing coverage.
Zellic (1 audit)
Zellic specializes in adversarial security research for complex financial protocols. They perform deep manual code review combined with automated analysis.
Understanding Audit Coverage
Security audits involve expert manual review of smart contract code. While audits significantly reduce risk, traders should still:
- Review audit reports directly from the security firms
- Verify contracts on Arbiscan match the audited source code
- Monitor the TimelockController for any pending governance changes
- Stay informed about security best practices in DeFi
Read How to Read a DeFi Audit Properly for a guide on evaluating audit reports.
Where to Find the Reports
- Documentation: Audits page — full list with download links
- GitHub: exolanedex — audit reports in the repository
- Documentation — all contract addresses, audit links, and Arbiscan links in one place
Production History Since Audit
Exolane's first audit was in August 2023, and the protocol has been operational on Arbitrum One since that period. Since deployment:
- No publicly disclosed exploited vulnerability affecting Exolane deployed contracts as of May 25, 2026.
- No publicly disclosed security incident requiring an emergency trading pause affecting Exolane deployed contracts as of May 25, 2026.
- All subsequent version upgrades (V2.1 through V2.4) audited before deployment
An audit is a point-in-time review. Exolane's audit history and scoped public security record provide stronger assurance than a single launch audit.
This public security record is scoped to publicly disclosed incidents affecting Exolane deployed contracts; it is not a guarantee that undiscovered bugs do not exist.
What You Should Verify Yourself
- Download and read the audit reports — don't just take our word for it.
- Check that the deployed contract bytecode matches the audited source (contracts are verified on Arbiscan).
- Review the finding severity breakdown — look for any unresolved issues.
- Check the dates — are the audits recent enough relative to the deployed code?
- Understand that governance-controlled changes can affect live protocol behavior. Monitor the TimelockController for pending changes.