Is Exolane Safe?
Exolane is a non-custodial perpetuals protocol built for safety-conscious traders. Core logic runs on smart contracts, withdrawals are not subject to an admin pause, and trading costs are designed to stay transparent and more predictable through capped funding. However, like any DeFi protocol, it still carries real risks, including smart contract risk, oracle risk, and leverage risk. Users should treat Exolane as a protocol that can be evaluated and verified, not as a risk-free platform.
That said, "safe" is relative. Exolane carries real risks: smart contract bugs could exist despite audits, and the oracle (Pyth Network) could malfunction. This page explains exactly what protections exist and what risks remain.
Security Protections
Non-Custodial Design
Your funds live in on-chain smart contracts, not in Exolane's bank account or hot wallet. There is no admin function that can transfer user collateral to another address. You can verify this by reading the contract source code on Arbiscan.
7 Independent Audits
Exolane has had 6 audits by Sherlock and 1 by Zellic, covering the core protocol, oracle integration, collateral system, liquidation logic, funding rate math, and access controls. All critical and high-severity findings were fixed and verified by auditors. See full audit details.
Timelock on Parameter Changes
Protocol-level changes (fee bounds, market creation) go through a 7-day TimelockController. This gives users time to review and exit before changes take effect.
Oracle Staleness Protection
Exolane uses Pyth Network for price feeds. If the oracle price becomes stale (older than 40 seconds), all trading pauses automatically. No new positions can be opened and no liquidations occur until fresh prices arrive.
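The 40-second rule above, as an added example that is not Exolane's contract code: a Python model that takes a list of oracle publish timestamps and returns the intervals during which no fresh price existed, so trading would have been paused. The timestamps are constructed sample data, the function names are hypothetical, and treating a future-dated price as unusable is an assumption.

```python
"""Model of a 40-second oracle staleness rule (added example, not protocol code)."""
from typing import Iterable, List, Tuple

MAX_AGE_S = 40  # staleness threshold stated on this page

# Constructed sample data: unix-style publish times of successive price updates.
SAMPLE_PUBLISH_TIMES = [1000, 1010, 1030, 1100, 1105, 1200]


def is_stale(publish_time: int, now: int, max_age: int = MAX_AGE_S) -> bool:
    """True when the price is older than max_age seconds.

    Assumption: a publish time later than `now` (clock skew or bad data)
    is also treated as unusable.
    """
    age = now - publish_time
    return age < 0 or age > max_age


def paused_windows(publish_times: Iterable[int], start: int, end: int,
                   max_age: int = MAX_AGE_S) -> List[Tuple[int, int]]:
    """Half-open intervals [pause_from, resume_at) inside [start, end)
    during which no sufficiently fresh price exists."""
    windows: List[Tuple[int, int]] = []
    fresh_until = start - 1  # last second covered by a fresh price (none yet)
    for p in sorted(set(publish_times)):
        if p >= end:
            break
        gap_from = fresh_until + 1
        if p > gap_from:  # coverage lapsed before this update arrived
            windows.append((gap_from, p))
        fresh_until = max(fresh_until, p + max_age)
    if fresh_until + 1 < end:  # still stale when the observation ends
        windows.append((fresh_until + 1, end))
    return windows


def paused_seconds(windows: List[Tuple[int, int]]) -> int:
    """Total time spent paused across all windows."""
    return sum(resume - pause for pause, resume in windows)


if __name__ == "__main__":
    found = paused_windows(SAMPLE_PUBLISH_TIMES, start=1000, end=1260)
    for pause, resume in found:
        print(f"paused {pause}..{resume} ({resume - pause}s)")
    print("total paused:", paused_seconds(found), "s")
```

Fed with recorded publish times for a feed, the same function shows how often and for how long the pause would have been in effect over a period of interest.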
Zero Liquidation Penalty
Unlike most perpetual exchanges that charge 5–10% liquidation penalties, Exolane charges 0%. When you're liquidated, remaining collateral stays in your account. The protocol absorbs bad debt rather than passing it to other users.
Known Risks
These are real risks. We disclose them because transparency is more important than marketing.
- Smart contract risk: Audits reduce but do not eliminate bugs. Undiscovered vulnerabilities may exist in audited code.
- Emergency pause: The multisig can pause all operations (excluding withdrawals) instantly. This is intended for emergencies but means temporary loss of access is possible.
- Oracle risk: If Pyth Network delivers incorrect prices, settlements and liquidations could be wrong. Oracle manipulation, while difficult, may be theoretically possible.
- Leverage risk: You can lose your entire deposit. 10x leverage means a 10% adverse move liquidates your position.
- Arbitrum risk: Sequencer downtime, chain congestion, or bridge vulnerabilities could affect trading.
What You Should Verify Yourself
- Check the contract source code on Arbiscan — all contracts are verified and publicly readable.
- Review the audit reports linked on the audits page.
- Check the documentation for all contract addresses, Arbiscan links, and audit links in one place.
- Never invest more than you can afford to lose — this applies to every DeFi protocol, not just Exolane.