Tramplin Audit Results by MixBytes
Tramplin is a Solana-native premium staking platform built with security as its core principle.
By building on Solana’s native staking — the safest staking primitive on the network — Tramplin provides users with protection by default. At all times, funds remain under the control of the user, not the platform.
To further strengthen this foundation, Tramplin underwent a comprehensive security audit by MixBytes — a leading blockchain security and smart contract auditing firm that has previously worked with Lido, Aave, Curve, and others.
Over a 10-day period, our codebase was reviewed in depth, using a combination of manual review and automated tooling. The goal was to identify potential vulnerabilities and attack vectors, ensuring that nothing compromises the safety of users’ funds, which was successfully achieved.
You can find the full audit report here, and for your convenience, we are covering the highlights in this post.
Core findings
Three independent auditors reviewed multiple potential attack vectors, and determined that the Tramplin platform has a solid security foundations, including:
- Role separation enforcement: signer verification is consistently applied and all operations are correctly validating admin/operator/dealer roles.
- ORAO VRF integration is securely implemented with proper program ID validation preventing substitution attacks.
- Stage transition validation: double claiming prevention through empty account validation before claim processing.
- Merkle proof validation: correct stake ownership in ensured through proper range checks.
- Account ownership validation is comprehensive with all account access functions verifying program ownership.
The audit confirmed that Tramplin has a proper implementation of core cryptographic and access control mechanisms.
Implemented improvements
The audit highlighted several areas for improvement that did not impact user safety, but were recommended to further strengthen the redistribution system. All recommendations have since been implemented by the Tramplin team.
The system now reflects the audited and reviewed design.