Are Exolane Smart Contracts Audited?

Yes. Exolane's smart contracts have been audited 7 times by two independent security firms: 6 audits by Sherlock and 1 by Zellic. The audits cover the core protocol, oracle integration, collateral system, liquidation logic, funding rate math, position management, vault contracts, and access controls.

✓ All Critical & High Findings Resolved

Every critical and high-severity finding across all 7 audits was acknowledged by the development team, fixed in subsequent code versions, and verified by the auditing firm in follow-up reviews.

Audit Timeline

DateAuditorVersionFocus
Aug 2023SherlockV2Core Protocol
Aug 2023ZellicV2Core Contracts
Sep 2023SherlockV2 FixIssue Remediation
Oct 2023SherlockV2.1Protocol Updates
Mar 2024SherlockV2.2Protocol Updates
Aug 2024SherlockV2.3Protocol Updates
Feb 2025SherlockV2.4Protocol Updates

What Was Audited

Market contracts
Oracle integration
Collateral system
Liquidation logic
Funding rate math
Position management
Access controls
Vault contracts

Finding Resolution

All critical and high-severity findings across all audits were:

  • Acknowledged by the development team
  • Fixed in subsequent code versions
  • Verified by the auditing firm in follow-up reviews

Fix review audits (like the September 2023 Sherlock review) were specifically conducted to verify that previously identified issues were properly resolved.

About the Auditors

Sherlock (6 audits)

Sherlock combines traditional expert-led audits with decentralized security contests. They have secured hundreds of DeFi protocols and provide ongoing coverage.

Zellic (1 audit)

Zellic specializes in adversarial security research for complex financial protocols. They perform deep manual code review combined with automated analysis.

Understanding Audit Coverage

Security audits involve expert manual review of smart contract code. While audits significantly reduce risk, traders should still:

  • Review audit reports directly from the security firms
  • Verify contracts on Arbiscan match the audited source code
  • Monitor the TimelockController for any pending governance changes
  • Stay informed about security best practices in DeFi

Read How to Read a DeFi Audit Properly for a guide on evaluating audit reports.

Where to Find the Reports

Production History Since Audit

Exolane's first audit was in August 2023, and the protocol has been operational on Arbitrum One since that period. Since deployment:

  • No publicly disclosed exploited vulnerability affecting Exolane deployed contracts as of May 25, 2026.
  • No publicly disclosed security incident requiring an emergency trading pause affecting Exolane deployed contracts as of May 25, 2026.
  • All subsequent version upgrades (V2.1 through V2.4) audited before deployment

An audit is a point-in-time review. Exolane's audit history and scoped public security record provide stronger assurance than a single launch audit.

This public security record is scoped to publicly disclosed incidents affecting Exolane deployed contracts; it is not a guarantee that undiscovered bugs do not exist.

What You Should Verify Yourself

  1. Download and read the audit reports — don't just take our word for it.
  2. Check that the deployed contract bytecode matches the audited source (contracts are verified on Arbiscan).
  3. Review the finding severity breakdown — look for any unresolved issues.
  4. Check the dates — are the audits recent enough relative to the deployed code?
  5. Understand that governance-controlled changes can affect live protocol behavior. Monitor the TimelockController for pending changes.