Skip to Content
TransparencyAudits & Security

Audits & Security

Exceed takes security seriously. The smart contracts are audited, the infrastructure is monitored in real-time, and operational security follows institutional best practices.

Smart Contract Audit

Quantstamp

The Parity program (Exceed’s core smart contract) has been audited by Quantstamp, one of the leading blockchain security firms.

The audit covered all program instructions including pair creation, deposits, withdrawals, rate setting, and access control.

Real-Time Monitoring

Hypernative

Exceed uses Hypernative for continuous, real-time security monitoring:

  • Exploit detection — AI-powered detection of smart contract exploits and anomalous transactions
  • Risk alerts — Immediate notifications for unusual on-chain activity
  • Protocol monitoring — Monitoring of all integrated DeFi protocols for security incidents
  • Position health — Automated monitoring of borrowing position health factors

Hypernative’s monitoring covers not just Exceed’s own contracts, but also the downstream protocols where capital is deployed (Kamino, JupLend, etc.).

Verified Builds

The Parity program is deployed with verified builds, meaning anyone can independently compile the source code and confirm it matches the deployed on-chain program. This eliminates the risk of the deployed program differing from the audited source code.

Operational Security

MPC Custody (ForDefi)

All on-chain operations are executed through a ForDefi MPC wallet:

  • No single private key controls the treasury
  • Multi-party computation requires multiple approvals for each transaction
  • Hardware-secured key shards distributed across independent parties
  • Transaction logs and approval chains are fully auditable

Manual Execution

Rebalancing is never fully automated. The engine generates optimal allocations, but:

  1. The operations team reviews each rebalance recommendation
  2. Transactions are prepared and reviewed before signing
  3. ForDefi MPC requires multi-party approval
  4. Post-execution verification confirms correct state

This “human-in-the-loop” approach prevents automated bugs or exploits from draining funds.

Access Control

The Parity program uses an on-chain AccessControl PDA that restricts which wallets can:

  • Set exchange rates
  • Create new pairs
  • Modify pair parameters
  • Execute administrative functions

Only the ForDefi MPC wallet has authority over these operations.

Protocol Risk Management

Beyond Exceed’s own security, the engine continuously manages risk across all integrated protocols:

Diversification

Capital is spread across 10+ protocols. No single protocol failure can result in total loss.

Concentration Limits

Per-protocol and per-strategy concentration caps prevent overexposure.

Daily Monitoring

Health factors, utilization rates, and protocol status are monitored daily. The rebalance report flags any positions approaching risk thresholds.

Rapid Response

If a protocol is compromised, positions can be unwound within hours. The operations team maintains playbooks for emergency scenarios.

Bug Bounty

For responsible disclosure of security issues, please contact the team at security@exceed.finance.

Last updated on
On-Chain VerificationOverview