Vertical specialization

Solana DeFi Audits

Deep economic & protocol review for swaps, lending, perps, and yield systems.

Fundamentally the same deep review as our standard Solana audit, pointed at the parts of a protocol where money actually moves. Most DeFi exploits don’t need a memory bug; they need someone who understands the protocol’s incentives and how it behaves under real market conditions better than the team did.

Lead time: 1–4 weeks
Team: 2+ researchers
Focus: DeFi & economics
Coverage: 100% Solana

Methodology

Bugs in DeFi are economic before they’re syntactic.

Most exploits we’ve seen on Solana DeFi protocols didn’t need a memory-safety bug or a missing signer check. They needed someone who understood the protocol’s economics, and the incentives of everyone touching it, from a different angle than the team did. A rounding decision that looks correct in one path leaks value when it’s called in another order; a fee tier interacts with a liquidation incentive to hand an attacker a strictly-better strategy.

So a DeFi audit, for us, is mostly about understanding: how the protocol actually works, what each participant is incentivised to do, how it fits into the rest of the ecosystem, and what happens to it under market conditions the team didn’t plan for. The bugs that matter usually live in the gap between how a protocol is supposed to behave and how the market will actually push it.

We pay particular attention to the seams: oracle integrations and their staleness and manipulation profiles, liquidation and funding logic under partial fills and price gaps, and the external protocols yours composes with. A dependency that’s perfectly safe on its own can become a lever the moment the market moves against it.

Combine that economic reading with the deep knowledge of the Solana runtime we bring to every engagement, and the findings that come out are often the ones nobody else would catch: bugs that only surface when an economic edge case meets a runtime quirk. Under the hood this is the same audit as the rest of our Solana work, just with the extra focus that DeFi demands.

What we cover

The surface area of a typical engagement.
01

Economic invariants

Solvency, dilution, accounting precision, share-pricing fairness across all paths.

02

Oracle & price feeds

Pyth, Switchboard integrations. Manipulation surfaces, staleness, fallback behaviour.

03

Liquidation & funding

Funding-rate logic, liquidation incentives, partial-fill paths, bad-debt accounting.

04

MEV & ordering

Sandwich risk, JIT liquidity attacks, instruction reordering, transaction inclusion games.

How we work

01

Understand the protocol

Before reading code we map how the protocol works, who participates, and what every party is incentivised to do.

02

Model the market, not just the code

We work through how external market conditions and the surrounding ecosystem can push the protocol into states the team never planned for.

03

Deep manual review

Two researchers read every privileged path, accounting, oracle, and liquidation flow, with the economics in mind.

04

Report & fix verification

A PDF report with severity ratings, summaries, and remediation guidance, plus fix verification with unlimited rounds within reasonable time bounds.

Selected engagements

DeFi engagements where the bugs that mattered were economic, not syntactic.

Hylo (2025): Stablecoin · vault accounting
Sanctum (Sep 2025): Jiminy · token ratio · flat-slab
Ellipsis (May 2025): On-chain CLOB · matching engine
MetaDAO (Feb 2026): Futarchy markets · conditional tokens

Ready to audit your protocol?

Submit your protocol for review and we'll respond within 24 hours. Our researchers have prevented 50+ critical exploits across the Solana ecosystem.

Lead time: 2–4 weeks
Post-audit support: 6 months
Coverage: 100% Solana