CLMM Security & Audits
This page summarizes security assurances for Swap.io Liquidity (CLMM): audits, live bounty, verified deployment, and code/IDL verification.
β
Audits
Raydium Base Audit (Q3 2022, OtterSec) The underlying CLMM design was audited by OtterSec. π View report
Swap.io Independent Audit (Apr 2025, Zenith Security) Our modifications to the Raydium fork were reviewed by Zenith Security. π View report
π Findings confirm our changes are limited in scope and do not introduce significant vulnerabilities.
π‘οΈ Bug Bounty
We run a public bounty for responsible disclosure.
π¦ Program Deployment (On-Chain)
Program ID
SWPammPnp7L9qFgV436u3CSPmcxU6ZQm6ttawzDTRuwExplorer π Solscan account
π Code & IDL Verification
Solscan Program Security Page provides:
Source Code Verified β deployed bytecode matches our open-source repo
Commit Reference β links to the exact audited commit
IDL Verified β interface is published and verified for safe integrations
Security Links β consolidated references for transparency
π Solscan: Program Security
π§Ύ Transparency Commitments
We publish and maintain:
Independent (upstream) and Swap.io audit reports
A live bug bounty program
Verified on-chain program ID & explorer profile
Source & commit verification + IDL for developers
β Our goal is maximum verifiability for users, integrators, and auditorsβand to uphold best practices in the Solana ecosystem.
Last updated