What’s better than the possible 100% swap success rate seen last month? You know it… The completion of the Lithium audit!

What has been an ongoing process over several months, involving multiple iterations, reviews, and updates, has now reached its conclusion. This milestone represents yet a significant step toward mainnet readiness and reflects the level of rigor required to build a first mover in off-chain trading.

From Start to Finish

The audit process for Lithium has not been a single event, but rather a structured and iterative process between Cyberscope and the team.

Work began toward the end of last year with the first audit iteration. As outlined in previous recaps, the process follows a two-stage approach: an initial review where the auditors analyze the codebase, examining execution paths, potential attack vectors, and overall system logic, followed by a re-audit after reported findings have been addressed.

The first iteration was delivered promptly, and as expected, a number of issues were identified. Addressing these resulted in minor updates to the Lithium on-chain contract. In several cases, however, the identified risks were already mitigated by the off-chain logic, something that was clarified and aligned with the auditors via a detailed response by our developers.

The updated version was submitted for re-audit in February, and we had to wait until March for the follow-up report. This was supposed to be the final report, but surprisingly, it included findings beyond those initially identified.

While this initially came as a surprise, it did however reflect the purpose of the audit process, which is to surface as many relevant observations as possible before moving forward to mainnet. Identifying these points at this stage is far preferable to encountering them later.

Since new findings appeared in the last and final report, the team had not yet had the opportunity to fully address the newly introduced findings. Bummer? Maybe not, because in parallel, an additional improvement to the Lithium contract had been identified internally, which required an update to the Lithium contract.

As a result, a decision was made together with the auditors to proceed with an additional audit round. This third iteration would cover both the newly identified findings by the auditors and the latest contract updates made by the team.

The third round was conducted toward the end of March, with results delivered in mid-April. A small number of additional findings were reported, all of which were assessed and determined to be mitigated by the existing off-chain logic, and therefore not critical to system integrity.

What an Audit Actually Means

It’s worth briefly clarifying what a smart contract audit represents. At its core, an audit is largely a form of structured code analysis. Auditors review the contract logic line by line, evaluating how it behaves, how state changes propagate, and whether any unintended execution paths or attack vectors exist.

An audit is not a certification that a system is “perfect” or free from all risk. Rather, it is an independent review designed to identify weaknesses, edge cases, and areas for improvement before the system is exposed to real usage.

For us, this has very practical implications. Addressing audit findings is not simply a matter of adjusting a few lines in the on-chain contract. Each change must be carefully implemented, redeployed, and validated across the broader infrastructure to ensure that it behaves correctly in combination with the rest of the system. It takes time, but ensures the final result is stable, predictable, and ready for real usage

Audit Results

‍

The final audit results provide a clear and reassuring outcome.

• 0 critical findings
• 0 medium findings
• 11 minor / informative findings

This means that no issues were identified that could lead to significant loss of funds or critical disruption of the system.

All findings falling into the category of minor or informative have been acknowledged by the team, and they are all mitigated by Lithium’s off-chain logic. This means that while these findings may appear as issues in isolation, they are not significant within the context of the complete system, where both on-chain contracts and off-chain logic work together.

The audit results will be published on Cyberscope’s website in the coming days. For each finding, there is a description of the issue, a recommended solution, and also the team’s response to the issue.

Is the Lithium audit everything this month?

Of course not. We continuously address weaknesses found from testing, and this month, testing is performed not only by bots, but also by the community through a closed testing group. The complete system is under scrutiny, from the web app to the API, as we get ourselves prepared for the next phase.

Hydranet continues to move forward, deliberately, and without shortcuts. Thank you for being with us!

‍