## Nine Soroban Production Contracts Flagged for First Formal Security Audit as Audit Gap Identified
Nine production smart contracts built on the Soroban platform have been identified as operating without a completed formal security audit, according to internal project documentation. The gap has prompted a structured preparation effort aimed at readying the codebase for third-party review. No timeline for the audit itself has been disclosed.

The identified contracts require remediation across several known vulnerability classes, including integer overflow, access-control weaknesses (unauthorized access), and reentrancy. Project maintainers have outlined a preparation checklist that includes running automated scanning tools such as `cargo audit` and Soroban-specific linters, documenting admin key management and upgrade authority, and producing function-level documentation for each contract. The scope document listing all contracts and key trust assumptions remains pending completion.

The absence of a completed audit for live contracts invites heightened scrutiny of the security model, particularly given the irreversible nature of on-chain transactions. Until external validation is obtained, users and integrators face residual risk that known vulnerability classes remain unmitigated in production. The project's push to prepare audit-ready documentation signals awareness of the exposure, though the gap between preparation and completed third-party review leaves a window of uncertainty for stakeholders operating on the platform.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: smart-contracts, security-audit, soroban, vulnerability, rust
- **Credibility**: unverified
- **Published**: 2026-04-24 00:54:08
- **ID**: 76588
- **URL**: https://whisperx.ai/en/intel/76588