CLMM Security & Audits

This page summarizes security assurances for Swap.io Liquidity (CLMM): audits, live bounty, verified deployment, and code/IDL verification.

✅ Audits

  • Raydium Base Audit (Q3 2022, OtterSec) The underlying CLMM design was audited by OtterSec. 📄 View report

  • Swap.io Independent Audit (Apr 2025, Zenith Security) Our modifications to the Raydium fork were reviewed by Zenith Security. 📄 View report

👏 Findings confirm our changes are limited in scope and do not introduce significant vulnerabilities.

🛡️ Bug Bounty

We run a public bounty for responsible disclosure.

📦 Program Deployment (On-Chain)

  • Program ID SWPammPnp7L9qFgV436u3CSPmcxU6ZQm6ttawzDTRuw

  • Explorer 🔗 Solscan account

🔍 Code & IDL Verification

Solscan Program Security Page provides:

  • Source Code Verified — deployed bytecode matches our open-source repo

  • Commit Reference — links to the exact audited commit

  • IDL Verified — interface is published and verified for safe integrations

  • Security Links — consolidated references for transparency

🔗 Solscan: Program Security

🧾 Transparency Commitments

We publish and maintain:

  • Independent (upstream) and Swap.io audit reports

  • A live bug bounty program

  • Verified on-chain program ID & explorer profile

  • Source & commit verification + IDL for developers

✅ Our goal is maximum verifiability for users, integrators, and auditors—and to uphold best practices in the Solana ecosystem.

Last updated