#Audits
Exolane's smart contracts reference a public audit lineage from leading blockchain security firms. This page is strongest as evidence for public report availability and claimed codebase lineage; users should still review live market parameters, governance addresses, and official domains separately.
#Audit Summary
Codebase Lineage: Exolane publicly states that its production deployment follows the Perennial V2 audit lineage listed below. Users should verify the live verified contracts, source, and addresses on Arbiscan and compare them with the current docs before relying on audit coverage alone.
| Audit | Auditor | Date | Focus | Status |
|---|---|---|---|---|
| V2 | Sherlock | August 2023 | Core Protocol | ✅ Complete |
| V2 | Zellic | August 2023 | Core Protocol | ✅ Complete |
| V2 Fix Review | Sherlock | September 2023 | Issue Remediation | ✅ Complete |
| V2.1 | Sherlock | October 2023 | Protocol Updates | ✅ Complete |
| V2.2 | Sherlock | March 2024 | Protocol Updates | ✅ Complete |
| V2.3 | Sherlock | August 2024 | Protocol Updates | ✅ Complete |
| V2.4 | Sherlock | February 2025 | Protocol Updates | ✅ Complete |
#What This Page Verifies
- Public audit report links exist for the cited Perennial V2 audit history
- Exolane publicly claims its production deployment follows the same audited Perennial V2 codebase
- Live fee settings, leverage tiers, oracle settings, and governance addresses should still be checked on the current docs and on-chain
#About Auditors
#Sherlock
Sherlock is a leading smart contract security firm that combines traditional audits with a decentralized security network.
- Methodology: Expert-led audits + competitive audit contests
- Track Record: Hundreds of DeFi protocols secured
- Coverage: Full protocol security coverage
#Zellic
Zellic is a blockchain security firm specializing in complex DeFi protocols.
- Methodology: Deep manual review + automated analysis
- Specialization: Complex financial protocols
- Approach: Adversarial security research
#Audit Scope
Our audits cover:
| Component | Audited |
|---|---|
| Market contracts | ✅ |
| Oracle integration | ✅ |
| Collateral system | ✅ |
| Liquidation logic | ✅ |
| Funding rate math | ✅ |
| Position management | ✅ |
| Access controls | ✅ |
| Vault contracts | ✅ |
#Audit Findings
#Severity Classification
| Severity | Description |
|---|---|
| Critical | Direct loss of funds possible |
| High | Significant impact to protocol |
| Medium | Moderate impact or complex exploit |
| Low | Minor issues or improvements |
| Informational | Best practices, gas optimizations |
#Finding Resolution
All Critical and High severity findings have been:
- ✅ Acknowledged
- ✅ Fixed or mitigated
- ✅ Verified by auditors
#Continuous Security
Security is ongoing, not one-time:
| Activity | Frequency |
|---|---|
| Code reviews | Every change |
| Automated testing | Continuous |
| Fuzz testing | Continuous |
| Invariant testing | Continuous |
| New audits | Major versions |
#Accessing Audit Reports
Full audit reports are available:
- Public report links: Linked directly in the table above
- GitHub: Perennial audits folder
- Related verification pages: Security Overview, Official Links, and Market Parameters
#Verification Checklist
- Open the report links above and confirm the audit dates and auditors.
- Read Security Overview to understand which admin actions and protections are currently disclosed.
- Read Market Parameters and Fee Structure for live published settings.
- Cross-check official domains and core contract addresses on Official Links.
#How to use audit reports
Audit reports are one layer of Exolane's public security materials. Read them together with the Security Overview, live deployment details, and current protocol parameters when evaluating the current setup.