# Audits & Security

### **1. Audits** <a href="#id-1.-audits" id="id-1.-audits"></a>

* Audit report from Sherlock ([Source](https://sherlock-files.ams3.digitaloceanspaces.com/reports/extra-finance-audit-report-1734534935.pdf))

{% file src="<https://2858456557-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2K7L6qM6znh2wIGpWwOA%2Fuploads%2FQuw0sj6V9dRbzVmgh0si%2F2025.06.19%20-%20Final%20-%20Extra%20Finance%20Private%20Best%20Efforts%20Audit%20Contest%20Report%201750340468.pdf?alt=media&token=a6dbd1f5-703b-4822-9a80-bfbb8ed14c42>" %}

* Audit report from PeckShield ([Source](https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-ExtraFi-v1.0.pdf))

{% file src="<https://2858456557-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2K7L6qM6znh2wIGpWwOA%2Fuploads%2FJQ2F8UoNa2bWm7GNUs3Q%2FPeckShield-Audit-Report-ExtraFi-v1.0%20(1).pdf?alt=media&token=bc4560c5-133a-49c9-9c7a-460d92bfc801>" %}

* XLend liquidity protocol is a fork of Aave V3. Check Aave's audit reports [here](https://github.com/aave/aave-v3-core/tree/master/audits).

### **2. Bug Bounty**

XLend bug bounty is live on Immunefi:

{% embed url="<https://immunefi.com/bug-bounty/extrafinance/information/>" %}

### **3. Proactive Monitoring**

*(The partnership has not yet been renewed in 2025, still in review)*

We have partnered with [Hexagate](https://www.hexagate.com/) to protect the protocol from cyber exploits, hacks, governance, and financial risks.

### 4. Rainy-Day Fund

Approximately **$1,000,000 USDC** has been accumulated to the Rainy-Day Fund to safeguard the protocol against unexpected incidents and protect the lending pool from insolvency.

For more details and to track the current balance of the Rainy-Day Fund, visit: <https://debank.com/profile/0xC918a60e4D40d15959A85fa8b35f6dB96907BabF>

### **5. Oracle Safety**

Please check our Oracle selection & usage here:  [price-feed](https://docs.extrafi.io/extrafi-xlend/borrow-lend/price-feed "mention")