
Audits

Lombard maintains a rigorous security audit program with multiple independent firms reviewing the protocol’s smart contracts and infrastructure. Every major release and feature addition undergoes thorough third-party security review before deployment.

6 Audit Partners
10 Completed Audits
100% Coverage

Audit Partners

Lombard works with six leading blockchain security firms:

OpenZeppelin: Industry-standard smart contract security firm, known for auditing major DeFi protocols
Halborn: Blockchain security company specializing in smart contract audits and penetration testing
Veridise: Formal verification and security audit firm focused on cryptographic protocols
Sherlock: Decentralized audit marketplace combining expert auditors with competitive review processes
ABDK: Smart contract auditing firm specializing in mathematical and cryptographic verification
Cantina: Security research collective providing smart contract audits and code reviews

Complete Audit History

BTC.b and BridgeV2: OpenZeppelin
StakeAndBake: ABDK
  September 22, 2025: ABDK StakeAndBake
Yield Bearing: Sherlock
Yield Bearing: OpenZeppelin
V2 Release: Veridise
  December 17, 2024: Veridise V2
V2 Release: OpenZeppelin
  December 13, 2024: OpenZeppelin V2
FBTC Integration: Halborn
  December 9, 2024: Halborn V2
BTC.b PMM: Halborn
  October 10, 2024: Halborn V1.5
V1 Release: Veridise
  August 21, 2024: Veridise V1
V1 Release: Halborn
  August 5, 2024: Halborn V1

What Auditors Review

Each audit covers critical areas of the protocol:

Smart contract logic: Correctness of minting, burning, staking, and bridging operations
Access control: Verification that only authorized parties can execute privileged functions
Economic attacks: Analysis of potential manipulation vectors including flash loans, reentrancy, and oracle manipulation
Upgrade safety: Review of proxy patterns, timelocks, and upgrade mechanisms to prevent unauthorized modifications
Cross-chain security: Verification of bridging logic, message validation, and dual-verification requirements
Cryptographic operations: Review of signature schemes, threshold signing, and key management

Continuous Security

Beyond formal audits, Lombard maintains ongoing security through:

  • Hexagate monitoring — Real-time behavioral monitoring of all protocol contracts, alerting on anomalous patterns
  • Bug bounty program — Immunefi program with rewards up to $250,000 for critical vulnerabilities (see Bug Bounty)
  • Penetration testing — Regular external penetration testing of infrastructure and operational systems
  • Incident response — Documented procedures for responding to security events, including pausable contract functions and emergency governance actions

Next Steps

  • Bug Bounty — Report vulnerabilities and earn rewards
  • Security Model — Full overview of Lombard’s defense-in-depth architecture
  • Smart Contracts — Deployed contract addresses for verification