A single unchecked line of smart contract code can vaporize trust and TVL faster than we can refresh the Crypto Twitter feed. Yet securing a top-tier audit often feels out of reach for developers bootstrapping their web3 projects.

The Stellar Development Foundation’s Soroban Security Audit Bank flips that equation on its head by underwriting expert audits and tooling for the builders who need them most.
Since the program’s launch it has funded more than 40 full scope audits, channeling over $3 million toward hardening Stellar smart contracts.
Not one of those audited projects has suffered a major post-launch exploit to date.
Behind that headline lie three design choices every Stellar developer should understand.
The Audit Bank replaces the usual endless search for qualified reviewers with a curated roster of nine industry-leading firms (details below). Projects building financial protocols, high-dependency data services, or high-traction dApps funded through the Stellar Community Fund receive a firm assignment within two weeks of request submission, a timeline that undercuts the typical waitlist by roughly 70%.
The economic model rewards, rather than penalizes, good security hygiene. Teams contribute just 5% of the quoted cost upfront, and that co-payment is fully refundable if they patch every critical, high, and medium finding inside 20 business days. The policy generated a 93% remediation rate in 2024, proving that incentives beat penalties when the clock is ticking toward mainnet.
Once a project crosses traction milestones of $10 million and $100 million TVL, follow-up audits become entirely free and expand to formal verification or competitive assessments, locking in resilience as user stakes rise.
Audit readiness is treated as engineering, not paperwork. Before any line of code hits the auditors' screens, teams receive structured STRIDE-based threat modelling sessions, access to complimentary or discounted static analyzers and formal verification tools, and detailed checklists distilled from prior incident reports.
Early data shows that projects completing this preparation surface 32% fewer issues during the formal audit phase, shrinking turnaround time and review fatigue on both sides.
The result is an ecosystem where security is no longer a bottleneck to shipping ambitious ideas.
Palta.Labs credits its lightning-fast integration with Stellar USDC to OtterSec's deep protocol knowledge, while Script3 reports that Halborn's blinded review methodology uncovered an integer overflow edge case that even fuzzing missed.
DeFi exploits caused $474m in losses in 2024; contracts audited through the Audit Bank contributed nothing to that total. When users see that track record, they entrust liquidity and the founders' roadmap accelerates.
The Audit Bank Process
Getting started is straightforward.
Send an email to [email protected]
After a brief scoping call you'll submit architecture diagrams, tests, and documentation; the SDF team triages scope against risk to confirm eligibility.
For initial audits, the team will be asked to provide 5% of the total cost upfront, but this is refundable provided all issues are fixed within 20 days of receiving the audit report.
There is more information available at: https://stellar.org/grants-and-funding/soroban-audit-bank

Trusted Audit Partners
Audit Bank funding can be used to help cover costs of security review by industry-leading audit firms at pre-negotiated rates.
Certora
Specializes in Web3 security, providing both audits and formal verification of smart contracts based on mathematical reasoning about code.
Code4rena
Code4rena is a competitive audit platform where 100+ top security researchers review your code per audit, uncovering high-severity bugs.
Halborn
Founded in 2019, Halborn provides world-class security assessments and consulting for Web3 and Fortune 500 clients—protecting against crypto-specific threats like smart contract exploits, social engineering, and infrastructure breaches.
Oak Security
Securing Web3 since 2017, Oak Security has completed over 600 audits without a single exploit. Oak Security’s signature blinded process guarantees that every line of code is reviewed by multiple auditors in parallel. Fast, robust, secure.
OtterSec
Focused on identifying and patching critical exploits before protocols go to market; known for securing over $36B in TVL across 120+ protocols of major ecosystems.
Runtime Verification
Offers formal methods and runtime verification techniques to enhance blockchain system safety and reliability, starting with an in-depth design and specification review to ensure deep understanding of the protocol.
Spearbit + Cantina
Cantina and Spearbit combine a world-class security researcher network with purpose-built tools, delivering scalable and effective solutions from pre-deployment through runtime, all in one platform.
Veridise
Offers rigorous smart contract and ZK circuit audits backed by deep blockchain security expertise and advanced in-house vulnerability detection tooling.
Zellic
Zellic is a leading security research firm specializing in blockchain and cryptography, led by world-class white-hat professionals and trusted by top projects for uncompromising security.
Because the Audit Bank is open source at heart, the playbook continues to evolve.
You can view all previous audits here:
https://airtable.com/appsrXm5Q0whX3mo5/shrLR1E1CV08RZV7s/tblnU4iDhJR614Beh
SDF is actively tracking metrics such as vulnerability density per 1,000 lines of code, mean time to remediation, and audit-to-deployment lag in order to refine tooling grants and co-payment thresholds.
The Audit Bank is a great example of Stellar’s commitment to the developers building on Soroban.