> ## Documentation Index
> Fetch the complete documentation index at: https://docs.raydium.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Risk

> Audit history, admin controls, known risk surface, attack vectors, and responsible disclosure.

## Who this chapter is for

Auditors, security researchers, risk teams at integrators, and institutional users who need to evaluate Raydium before deploying capital or code against it.

## Chapter contents

<CardGroup cols={2}>
  <Card title="Audits" icon="shield-check" href="/security/audits">
    Full list of audits per program, with audit firm, scope, report links, and follow-up fix status.
  </Card>

  <Card title="Admin keys and multisig" icon="key" href="/security/admin-and-multisig">
    Which authorities exist per program, what they can change, how they are controlled (multisig, timelock), and how to verify on-chain.
  </Card>

  <Card title="Oracle and token risks" icon="triangle-exclamation" href="/security/oracle-and-token-risks">
    Oracle usage and failure modes, Token-2022 extension risks (freeze authority, transfer hook, permanent delegate), and how Raydium mitigates them.
  </Card>

  <Card title="Attack vectors" icon="bug" href="/security/attack-vectors">
    Historical and hypothetical vectors: sandwich/MEV, price manipulation, donation attacks, Token-2022 hook abuse, composability risks.
  </Card>

  <Card title="Disclosure" icon="envelope-open-text" href="/security/disclosure">
    Responsible-disclosure policy, bug bounty scope, contact paths, and what *not* to disclose publicly.
  </Card>
</CardGroup>

## Writing brief

* Cite specific on-chain accounts/program IDs for every claim about authority or mitigation.
* Do not publish private admin procedures or operational runbooks here.
* Keep historical-incident writeups factual and link to post-mortems where they exist.
