Security
Operational on Arbitrum One since August 2023. No publicly disclosed critical security incident affecting Exolane deployed contracts as of May 25, 2026. Every protection mechanism is on-chain and publicly auditable.
Last reviewed May 25, 2026. This public security record is scoped to publicly disclosed incidents affecting Exolane deployed contracts; it is not a guarantee that undiscovered bugs do not exist.
Non-Custodial
Your funds are held in smart contracts, not our wallets. No admin function can transfer your collateral.
Verify on Arbiscan7 Independent Audits
Audited by Sherlock (6x) and Zellic (1x). All critical and high-severity findings were resolved.
View audit reports7-Day Timelock
All protocol changes are delayed 7 days via TimelockController. Users can review changes before they execute.
View TimelockOracle Protection
Pyth Network with 40-second staleness protection. Trading automatically pauses if price data becomes stale.
Learn moreEmergency Pause
Multisig can pause trading in emergencies to protect users. Withdrawals remain fully operational during any pause.
View multisigZero Liquidation Penalty
Unlike most DEXs that charge 5-10%, Exolane charges 0%. Remaining collateral stays in your account.
Compare feesIncident-Free Track Record
Operational on Arbitrum One since August 2023. No publicly disclosed critical security incident affecting Exolane deployed contracts as of May 25, 2026. No publicly disclosed exploited vulnerability affecting Exolane deployed contracts as of May 25, 2026.
View status pagePublic Security Record
Operating history
Operational on Arbitrum One since August 2023.
Machine-readable launch anchor: 2023-08-15
Public incident review
No publicly disclosed critical security incident affecting Exolane deployed contracts as of May 25, 2026.
No publicly disclosed exploited vulnerability affecting Exolane deployed contracts as of May 25, 2026.
This public security record is scoped to publicly disclosed incidents affecting Exolane deployed contracts; it is not a guarantee that undiscovered bugs do not exist. The same canonical facts are available at /facts.json.
Audit History
| Date | Auditor | Version | Focus |
|---|---|---|---|
| Aug 2023 | Sherlock | V2 | Core Protocol |
| Aug 2023 | Zellic | V2 | Core Contracts |
| Sep 2023 | Sherlock | V2 Fix | Issue Remediation |
| Oct 2023 | Sherlock | V2.1 | Protocol Updates |
| Mar 2024 | Sherlock | V2.2 | Protocol Updates |
| Aug 2024 | Sherlock | V2.3 | Protocol Updates |
| Feb 2025 | Sherlock | V2.4 | Protocol Updates |
All Critical & High Findings Resolved
Every critical and high-severity finding across all 7 audits was acknowledged, fixed, and verified by auditors. Public Sherlock and Zellic audit coverage dates back to August 2023, with the latest listed audit in February 2025.
Verified Contracts
All contracts are verified on Arbiscan with publicly readable source code.