Is Exolane Safe?
Exolane is a non-custodial perpetuals protocol with 7 independent security audits, non-custodial smart contracts, and transparent on-chain protections. Core logic runs on audited smart contracts, available-collateral withdrawals are designed not to be admin-paused, and trading costs are bounded by a hard ±15% APR funding cap. This page explains the security protections in place and the risks all traders should understand.
"Safe" depends on your risk tolerance. All DeFi protocols carry risks — smart contract vulnerabilities, oracle failures, and leverage-related losses are possible. Exolane discloses all known risks transparently so you can make an informed decision.
Security Protections
Non-Custodial Design
Your funds live in on-chain smart contracts, not in Exolane's bank account or hot wallet. There is no admin function that can transfer user collateral to another address. You can verify this by reading the contract source code on Arbiscan.
7 Independent Audits
6 audits by Sherlock and 1 by Zellic, covering core protocol, oracle integration, collateral system, liquidation logic, funding rate math, and access controls. All critical and high-severity findings were fixed and verified by auditors. See full audit details.
Timelock on Parameter Changes
Protocol-level changes (fee bounds, market creation) go through a 7-day TimelockController. This gives users time to review and exit before changes take effect.
Oracle Staleness Protection
Exolane uses Pyth Network for price feeds. If the oracle price becomes stale (older than 40 seconds), all trading pauses automatically. No new positions can be opened and no liquidations occur until fresh prices arrive.
Zero Liquidation Penalty
Unlike most perpetual exchanges that charge 5–10% liquidation penalties, Exolane charges 0%. When you're liquidated, remaining collateral stays in your account. The protocol absorbs bad debt rather than passing it to other users.
Track Record
Operational on Arbitrum One since August 2023. Current public-record language:
- No publicly disclosed critical security incident affecting Exolane deployed contracts as of May 25, 2026.
- No publicly disclosed exploited vulnerability affecting Exolane deployed contracts as of May 25, 2026.
- No publicly disclosed security incident requiring an emergency trading pause affecting Exolane deployed contracts as of May 25, 2026.
- All 7 pre-deployment audit findings resolved before mainnet deployment
- 5 protocol upgrades (V2 to V2.4) deployed through 7-day TimelockController
This public security record is scoped to publicly disclosed incidents affecting Exolane deployed contracts; it is not a guarantee that undiscovered bugs do not exist.
Known Risks
Exolane discloses all known risks transparently so traders can make informed decisions.
- Smart contract risk: Exolane has 7 independent audits, but as with any smart contract system, ongoing monitoring is maintained.
- Emergency pause: The multisig can pause trading in emergencies to protect users. Withdrawals are designed to remain available during trading pauses for available collateral, subject to chain availability, wallet access, oracle conditions, and protocol constraints.
- Oracle risk: Pyth Network aggregates prices from multiple independent publishers. Exolane has 40-second staleness protection — trading automatically pauses if price data becomes stale.
- Leverage risk: You can lose your entire deposit. 10x leverage means a 10% adverse move liquidates your position.
- Arbitrum risk: Sequencer downtime, chain congestion, or bridge vulnerabilities could affect trading.
What You Should Verify Yourself
- Check the contract source code on Arbiscan — all contracts are verified and publicly readable.
- Review the audit reports linked on the audits page.
- Check the documentation for all contract addresses, Arbiscan links, and audit links in one place.
- Never invest more than you can afford to lose — this applies to every DeFi protocol, not just Exolane.