#Security Overview
Security is a core priority for Exolane. This section covers our security model, audits, and risk disclosures.
#Security Principles
#1. Non-Custodial by Design
```text
✅ Users always control their funds
✅ Smart contracts enforce all rules
✅ No admin function can transfer user collateral
✅ No backend servers hold user funds
⚠️ Multisig can pause operations in emergencies
⚠️ Contracts use upgradeable proxies — see Governance section
```
#2. Transparent and Audited
```text
✅ All contracts are verified on-chain
✅ Multiple independent audits completed
✅ Contracts publicly readable on Arbiscan
```
#3. Minimal Trust Assumptions
```text
✅ Oracle-based pricing (Pyth Network)
✅ Deterministic settlement
✅ Rule-based liquidations
✅ Timelock on parameter changes
```
#Smart Contract Security
#Audit Status
Exolane's smart contracts have been audited by multiple firms:
| Auditor | Focus | Status |
|---|---|---|
| Sherlock | Full protocol | ✅ Complete |
| Zellic | Core contracts | ✅ Complete |
| Multiple Fix Reviews | Ongoing | ✅ Complete |
See Audits for full details.
#Contract Verification
All deployed contracts are:
- Verified on Arbiscan
- Publicly readable
- Built deterministically
#Contract Architecture
Contracts use upgradeable proxy patterns (TransparentUpgradeableProxy). This means:
- The protocol team can deploy new implementation contracts
- Upgrades are executed through the ProxyAdmin
- Core logic can be changed through governance
- All upgrades are visible on-chain via Arbiscan
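One way to track these upgrades independently, as an added example that is not Exolane's own code: proxies that follow EIP-1967 keep their implementation and admin addresses in two fixed storage slots, so a monitor can read both and compare them against a pinned baseline. It assumes the deployed proxies follow EIP-1967 (as OpenZeppelin's TransparentUpgradeableProxy does); the `get_storage_at` callable and every address below are hypothetical placeholders constructed for illustration.

```python
# Added example. The two constants are the fixed EIP-1967 storage slots
# (keccak256 of the slot label, minus 1).
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
ZERO = "0x" + "00" * 20

def slot_to_address(word):
    """Decode a 32-byte storage word (hex string) into a 20-byte address."""
    raw = bytes.fromhex(word[2:] if word.startswith("0x") else word)
    if len(raw) != 32:
        raise ValueError("storage word must be 32 bytes")
    if any(raw[:12]):
        raise ValueError("upper 12 bytes are non-zero: not an address")
    return "0x" + raw[12:].hex()

def read_proxy(get_storage_at, proxy):
    """get_storage_at(address, slot) -> hex word. Hypothetical callable,
    assumed to wrap the eth_getStorageAt JSON-RPC method."""
    return {
        "implementation": slot_to_address(get_storage_at(proxy, IMPL_SLOT)),
        "admin": slot_to_address(get_storage_at(proxy, ADMIN_SLOT)),
    }

def check_proxy(get_storage_at, proxy, pinned):
    """Compare live slots to a pinned baseline; an empty list means no drift."""
    findings = []
    current = read_proxy(get_storage_at, proxy)
    for field in ("implementation", "admin"):
        expected = pinned[field].lower()
        if current[field] == ZERO:
            findings.append(f"{field} slot is empty")
        elif current[field] != expected:
            findings.append(f"{field} changed: {expected} -> {current[field]}")
    return findings

# Constructed sample data (placeholders, not real Exolane addresses).
PROXY, ADMIN = "0x" + "aa" * 20, "0x" + "ad" * 20
IMPL_V1, IMPL_V2 = "0x" + "11" * 20, "0x" + "22" * 20

def fake_chain(impl, admin):
    """Stand-in for an RPC node: serves the two slots from a dict."""
    store = {IMPL_SLOT: impl, ADMIN_SLOT: admin}
    return lambda addr, slot: "0x" + "00" * 12 + store[slot][2:]

if __name__ == "__main__":
    baseline = {"implementation": IMPL_V1, "admin": ADMIN}
    print(check_proxy(fake_chain(IMPL_V1, ADMIN), PROXY, baseline))  # no drift
    print(check_proxy(fake_chain(IMPL_V2, ADMIN), PROXY, baseline))  # upgrade seen
```

A change in the implementation slot that does not correspond to an announced upgrade, or any change in the admin slot, is the signal worth alerting on.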
#Governance & Access Control
#Role Hierarchy
```text
┌─────────────────────────────────────────┐
│             ACCESS CONTROL              │
├─────────────────────────────────────────┤
│                                         │
│  TimelockController (7-day delay)       │
│  └── Protocol parameters                │
│  └── Market creation                    │
│  └── Extension registration             │
│                                         │
│  Multisig (Emergency)                   │
│  └── Pause functionality                │
│                                         │
│  Coordinator (per Market)               │
│  └── Risk parameters only               │
│                                         │
└─────────────────────────────────────────┘
```
#What Admins CAN Do:
| Action | Who | Delay |
|---|---|---|
| Pause trading | Multisig | Instant |
| Update risk parameters | Coordinator | Instant |
| Update protocol parameters | Timelock | 7 days |
| Add new markets | Timelock | 7 days |
#What Admins CANNOT Do:
| Protection | Detail |
|---|---|
| Transfer user funds directly | No admin function exists for this |
| Bypass oracle settlement | Settlement logic is enforced by market contracts |
#What Admins CAN Do (disclosure):
| Action | Who | Note |
|---|---|---|
| Pause all operations (including withdrawals) | Multisig | Instant; intended for emergencies |
| Adjust risk parameters (margins, fees, funding cap) | Coordinator | Per-market; bounded by protocol limits |
| Adjust protocol-level bounds | Timelock (owner) | 7-day delay |
| Upgrade contract implementations | ProxyAdmin | Via upgradeable proxy |
#Oracle Security
#Pyth Network
- Multiple independent price publishers
- Aggregated prices reduce manipulation risk
- On-chain verification of all prices
#Staleness Protection
- 40-second maximum price age
- Trading pauses if oracle stale
- Liquidations blocked on stale prices
#User Security
#Best Practices
- Secure your wallet — Hardware wallet recommended
- Verify URLs — Only use exolane.com
- Check transactions — Review before signing
- Use stop-losses — Limit potential losses
- Understand leverage — Higher risk with higher leverage
#What Exolane Cannot Protect Against:
| Risk | Responsibility |
|---|---|
| Compromised wallet | User |
| Phishing attacks | User |
| Social engineering | User |
| Over-leveraging | User |
#Incident Response
#If Issues Occur:
- Detection — Monitoring alerts or user reports
- Assessment — Severity and scope analysis
- Pause — Emergency pause if needed
- Fix — Deploy fix or mitigation
- Communication — Public disclosure
#Emergency Pause
The multisig can pause markets in emergencies:
- Prevents new positions
- Allows position closes (with pause exemption)
- Protects users from ongoing damage
#Security Resources
#Reporting Vulnerabilities
If you discover a security vulnerability:
- Do NOT disclose publicly
- Contact [email protected]
- Provide detailed description and reproduction steps
- Wait for acknowledgment before any disclosure
Responsible disclosure is rewarded.
#Summary
| Aspect | Status |
|---|---|
| Audits | Multiple completed |
| Non-Custodial | Yes |
| Admin Controls | Limited, timelocked |
| Oracle Security | Pyth Network |