# Security

## Audits

| Program                             | Auditor                                            | Date    | Report                                                                                                                                                                    |
| ----------------------------------- | -------------------------------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Order-book AMM                      | [Kudelski Security](https://kudelskisecurity.com/) | Q2 2021 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/Kudelski%20Q2%202021/Raydium_Audit.pdf)                                                               |
| Concentrated liquidity (CLMM)       | [OtterSec](https://osec.io/)                       | Q3 2022 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/OtterSec%20Q3%202022/Raydium%20concentrated%20liquidity%20\(CLMM\)%20program.pdf)                     |
| Updated order-book AMM              | [OtterSec](https://osec.io/)                       | Q3 2022 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/OtterSec%20Q3%202022/Raydium%20updated%20order-book%20AMM%20program.pdf)                              |
| Staking                             | [OtterSec](https://osec.io/)                       | Q3 2022 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/OtterSec%20Q3%202022/Raydium%20staking%20program.pdf)                                                 |
| Order-book AMM & OpenBook migration | [MadShield](https://www.madshield.xyz/)            | Q2 2023 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/MadSheild%20Q2%202023/Raydium%20updated%20orderbook%20AMM%20program%20%26%20OpenBook%20migration.pdf) |
| Constant product AMM (CPMM)         | [MadShield](https://www.madshield.xyz/)            | Q1 2024 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/MadShield%20Q1%202024/raydium-cp-swap-v-1.0.0.pdf)                                                    |
| Burn & Earn (liquidity locker)      | [Halborn](https://www.halborn.com/)                | Q4 2024 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/Halborn%20Q4%202024/raydium_liquidity_locking.pdf)                                                    |
| LaunchLab                           | [Halborn](https://www.halborn.com/)                | Q2 2025 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/Halborn%20Q2%202025/raydium_launch.pdf)                                                               |
| CPMM (update)                       | [Sec3](https://www.sec3.dev/)                      | Q3 2025 | [View](https://github.com/raydium-io/raydium-docs/blob/master/audit/Sec3%20Q3%202025/raydium_cp_swap_pr55.pdf)                                                            |

Members of the [Neodyme](https://neodyme.io/) team have also performed extensive reviews via bug bounty agreements.

***

## Bug bounty <a href="#bug-bounty" id="bug-bounty"></a>

Raydium runs an active bug bounty program in partnership with [ImmuneFi](https://immunefi.com/).

See the Bug bounty page for full details on scope, rewards, and how to submit.

{% content-ref url="bug-bounty-program" %}
[bug-bounty-program](https://docs.raydium.io/raydium/protocol/bug-bounty-program)
{% endcontent-ref %}

***

## Access controls <a href="#access-controls" id="access-controls"></a>

Raydium's programs are owned by the BPF Upgradeable Loader, allowing an Upgrade Authority to push updates when necessary.

**All program Upgrade and Admin Authority is held under a** [**Squads multi-sig**](https://v3.squads.so/developers/programs/RVhaWTdGUGNjTnVFdmdIWk1DTXB3dzJGZW44b0xXQlNKemRnQ3NYM0Rqd20=)**.**

Programs are fully upgradeable (labeled as such on [Solscan](https://solscan.io/)). All changes are reviewed by core team members before implementation. For larger updates, Raydium engages experienced security whitehats for review via bug bounties.

Raydium does not currently employ a timelock for upgrades. Timelock mechanisms are planned as code moves toward open-sourcing and community governance.

### **Core programs**

<table><thead><tr><th width="341.25">Program</th><th>Address</th></tr></thead><tbody><tr><td>LaunchLab</td><td><code>LanMV9sAd7wArD4vJFi2qDdfnVhFxYSUg6eADduJ3uj</code></td></tr><tr><td>Concentrated Liquidity (CLMM)</td><td><code>CAMMCzo5YL8w4VFF8KVHrK22GGUsp5VTaW7grrKgrWqK</code></td></tr><tr><td>CPMM</td><td><code>CPMMoo8L3F4NbTegBCKVNunggL7H1ZpdTHKxQB5qKP1C</code></td></tr><tr><td>AMM v4</td><td><code>675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8</code></td></tr><tr><td>Staking</td><td><code>EhhTKczWMGQt46ynNeRX1WfeagwwJd7ufHvCDjRxjo5Q</code></td></tr><tr><td>Farm Staking</td><td><code>9KEPoZmtHUrBbhWN1v1KWLMkkvwY6WLtAVUCPRtRjP4z</code></td></tr><tr><td>Ecosystem Farms</td><td><code>FarmqiPv5eAj3j1GMdMCMUGXqPUvmquZtMy86QH6rzhG</code></td></tr><tr><td>Stable Swap AMM (deprecated)</td><td><code>5quBtoiQqxF9Jv6KYKctB59NT3gtJD2Y65kdnB1Uev3h</code></td></tr><tr><td><strong>Upgrade Authority</strong></td><td><strong><code>GThUX1Atko4tqhN2NaiTazWSeFWMuiUvfFnyJyUghFMJ</code></strong></td></tr></tbody></table>

### Auxiliary programs

| Program               | Address                                        |
| --------------------- | ---------------------------------------------- |
| AMM Routing           | `routeUGWgWzqBWFcrCfv8tritsqukccJPu3q5GPP3xS`  |
| AcceleRaytor          | `9HzJyW1qZsEiSfMUf6L2jo3CcTKAyBmSyKdwQeYisHrC` |
| **Upgrade Authority** | `8aSRiwajnkCP3ZhWTqTGJBy82ELo3Rt1CoEk5Hyjiqiy` |