Soroban Security Audit Bank
The Stellar Development Foundation (SDF) is dedicated to maintaining the highest security standards within the Stellar ecosystem. The Soroban Security Audit Bank provides comprehensive, structured security audits for eligible projects funded through the Stellar Community Fund (SCF), enabling developers to build confidently on Stellar.
Projects will need to contribute 5% of the audit cost upfront, but this co-payment amount is eligible for a full refund, provided that critical, high, and medium vulnerabilities identified are swiftly remediated within 20 business days of receiving the initial audit report.
Complimentary, extensive follow-up audits are available as projects achieve critical traction milestones (e.g., $10M and $100M Total Value Locked). These audits include deeper assessments such as formal verification or competitive audits, significantly boosting project security at pivotal stages.
Projects receive structured preparation support, including the implementation of best practices and security standards based on the STRIDE threat modeling framework. This ensures project teams are thoroughly prepared, optimizing audit efficiency and minimizing delays.
Audit Bank funding can be used to help cover costs of security review by industry-leading audit firms at pre-negotiated rates.
The Soroban Security Audit Bank follows a clear, structured process designed to maximize security and audit efficiency. For detailed information, refer to the full Soroban Security Audit Bank Rules and Guidelines.
To ensure accountability and efficient resource allocation, projects may be required to co-pay for audits based on their TVL (Total Value Locked) or equivalent traction milestones.
*If the project successfully addresses all critical, high, and medium issues identified by the Audit Firm within 20 business days, the 5% co-payment of the Initial Audit will be refunded to the project.
Projects that require follow-up audits after the initial audit but before meeting the traction criteria for growth and scale audits are partially covered under the program. For details on coverage and requirements for these intermediate audits, please refer to the full Soroban Security Audit Bank Rules and Guidelines.
Review recent audit reports from supported projects.
Already an SCF-funded project and meet eligibility requirements? Check your email for an invite or contact [email protected] to request an audit today.
New to Stellar? Start your journey with the Stellar Community Fund. For any questions on the Audit Bank, contact [email protected].
Projects funded through the Stellar Community Fund involving financial protocols, high-dependency data services, or high-traction dApps. See details here.
Prior to an eligible project's initial audit, the project must pay 5% of its first audit cost as an upfront co-payment to SDF. Subsequently, SDF will pay the entire first audit cost to the selected audit firm. The project's co-payment amount may be refunded by SDF to the project provided the project remediates all critical, high, and medium vulnerabilities within 20 business days of receiving the audit report.
Projects should request an audit if they are eligible, are close to launching on Stellar mainnet, and demonstrate technical maturity, including stable code, comprehensive documentation, and readiness for review, typically after completing the SCF Build testnet tranche.
Eligible projects are typically matched with an audit firm within approximately two weeks after passing the readiness review. Audit firms are able to schedule most audits within 3-6 weeks after matching. The audit length depends on the scope of the code to be audited, and can take anywhere from 2 to 8 weeks.
Complimentary follow-up audits are available at significant traction milestones, such as $10M and $100M Total Value Locked. If you haven’t met these milestones yet but need an additional audit, a co-payment will be required (20% of total audit cost for 2nd audit, 50% of total audit cost for 3rd audit). See details here.
Yes, the Stellar ecosystem has advanced security tooling which can help identify and address vulnerabilities before and after audits. See a full list of available tooling here.
The Audit Readiness Checklist, including Security Best Practices, is available to support your readiness for the Soroban Security Audit Bank.