Meteora ($MET) Web3 Project Audit Report

Executive Summary

Meteora is a high-velocity liquidity protocol on the Solana blockchain, offering advanced automated market maker (AMM) models and token launch infrastructure. As of April 2025, the protocol demonstrates massive product-market fit with billions in monthly trading volume. However, the project carries a Medium risk profile due to a team token allocation (18%) that exceeds conservative thresholds, partial code opacity, and historical baggage from its previous iteration as Mercurial Finance.

1. General Description

• What is this project? Meteora is a decentralized liquidity protocol built on Solana. It provides a suite of liquidity primitives, including Dynamic Liquidity Market Makers (DLMM), Dynamic AMMs (DAMM v2), and Dynamic Bonding Curves (DBC) [1] [2] [3].
• What problem does it solve? It addresses capital inefficiency for Liquidity Providers (LPs), high slippage for traders, and sniper bot exploitation during new token launches. It allows LPs to concentrate capital and earn dynamic fees during market volatility [2] [3].
• For what audience? The platform serves DeFi traders, Liquidity Providers (LPs) seeking yield, and token creators/projects looking to bootstrap liquidity safely [2] [3].
• Sources: Official website, documentation [4] [1] [2] [3].

2. Team

• LinkedIn: A professional company page exists for Meteora.ag [5].
• Socials: The project maintains a highly active presence on X (formerly Twitter) under the handle @MeteoraAG [6].
• Known team members: The team operates largely pseudonymously, which is common in DeFi but presents a risk. A known co-lead operates under the pseudonym "0xSoju" (@0xSoju on X), who is also associated with the Bedrock Foundation [7] [8].
• Sources: LinkedIn, X [6] [5] [7].

3. Concept/Documentation

• Uniqueness: Meteora differentiates itself through its DLMM bin-based model (offering zero-slippage swaps within discrete price bins) and its DBC protocol, which allows tokens to launch on a bonding curve and automatically migrate to an AMM once a liquidity threshold is reached [2] [3].
• Demand analysis: There is massive, verifiable demand. The DLMM protocol alone recorded $3.44 billion in 30-day DEX volume and generated $7.42 million in fees over the same period [9].
• Roadmap: The project successfully executed "The Meteora Plan," a roadmap designed to rebrand the project from Mercurial Finance (distancing itself from FTX exposure) and launch its dynamic vaults and AMMs [10].
• Technical details: Built on Solana using SPL and Token-2022 standards. It features configurable fee modes, NFT-backed LP positions, and anti-sniper rate limiters [1] [2].
• Fees / Revenue: The protocol generates revenue through swap fees. For example, the DBC protocol collects a fixed 20% of the trading fee, a portion of which goes to $MET token buybacks (tracked as "Holders Revenue") [11] [2].
• Partnerships: Meteora is heavily integrated with Jupiter, Solana's leading DEX aggregator. The $JUP token launch was notably powered by Meteora's DLMM [4] [12].
• Sources: Documentation, DeFiLlama, Medium [4] [9] [11] [10] [12] [1] [2] [3].

4. Coin/Tokenomics

• Tokenomics exists: Yes, the $MET token is live on Solana [13] [14].
• Distribution: WARNING. The team allocation is 18%, which violates the strict <=10% safety guideline for team distribution [13].
• Decentralized distribution: As of early 2026, there are over 37,500 holders of the $MET token. The total supply is approximately 997.7 million tokens [14].
• Unlocks: Meteora maintains a transparent Investor Relations dashboard tracking specific wallets (e.g., Team Vault, Reserve Vault, Buyback Wallet) to monitor circulating supply and unlocks [15].
• Known investors: The project has raised funds with participation from IDG Capital and is supported by the Bedrock Foundation [16] [8].
• TVL & Volume: DLMM TVL sits at $254.34 million with $3.44 billion in 30-day volume. DAMM v2 and DBC also contribute tens of millions in TVL and volume [9] [11] [17].
• Sources: Solscan, DeFiLlama, Meteora TGE/IR sites [13] [9] [11] [17] [14] [15].

5. Code

• Open source: Partial. While SDKs, documentation, and audit reports are public on GitHub, the core smart contracts do not appear to be fully open-source for public contribution [18] [19] [20].
• Security audits: Strong. The project has undergone extensive and continuous auditing by top-tier firms including Offside Labs, OtterSec, Sec3, and Zenith. Audit dates range from early 2024 through June 2025 [21] [22].
• Bug bounty program: No public bug bounty program was identified in the provided documentation.
• Sources: GitHub, Meteora Docs [18] [19] [21] [22] [20].

6. Risks

• Financial risks: The project carries historical baggage from its previous iteration as Mercurial Finance, which was impacted by the FTX collapse. While the rebrand to Meteora aimed to reset this, reputational risk remains [10] [23].
• Technical risks: High complexity in configurable fee schedules and bonding curves could lead to configuration errors by token creators, resulting in poor user experiences [1] [2].
• Team risks: The team operates pseudonymously (e.g., 0xSoju), creating key-person and accountability risks [7].
• Tokenomics risks: The 18% team allocation is higher than ideal, creating potential sell-pressure risks during unlock events [13].

7. Community

• Social media size & Activity: The project has a highly active community. They maintain an active X account, a Discord server for community discussions, and a Telegram channel specifically for developer updates [6] [24] [25].
• Sources: X, Telegram, Discord [6] [24] [25].

8. Final Assessment

• Risk level: Medium
• Key strengths of the project:
• Exceptional product-market fit with billions in real trading volume and millions in generated fees [9].
• Deep integration with Jupiter, ensuring massive order routing and visibility [4] [12].
• Rigorous and continuous security audits from multiple reputable firms (OtterSec, Offside Labs, Zenith) [21] [22].
• Real yield mechanics, including a dedicated $MET buyback wallet funded by protocol revenues [11] [15].
• Key issues and warnings:
• Tokenomics Warning: The 18% team allocation exceeds the recommended 10% maximum, posing a centralization and dump risk [13].
• Transparency Warning: The core team is pseudonymous, and the core smart contracts are not fully open-source [19] [7].
• Security Gap: Despite heavy auditing, the lack of a formalized, public bug bounty program leaves a gap in decentralized security monitoring.

References

1. What is DAMM v2?. https://docs.meteora.ag/overview/products/damm-v2/what-is-damm-v2
2. What is Dynamic Bonding Curve?. https://docs.meteora.ag/overview/products/dbc/what-is-dbc
3. What's DLMM? - Meteora Documentation. https://docs.meteora.ag/overview/products/dlmm/what-is-dlmm
4. Meteora: Home. https://meteora.ag/
5. Meteora.ag. https://www.linkedin.com/company/meteora-ag
6. Meteora (@MeteoraAG) / Posts / X. https://x.com/MeteoraAG
7. Soju 燒酒 | Meteora (@0xSoju) / Posts / X. https://x.com/0xSoju
8. Our goal is to replicate venture-style returns on-chain. .... https://x.com/0xSoju/status/2031750699567251722
9. Meteora DLMM TVL, Fees, Revenue & Volume. https://defillama.com/protocol/meteora-dlmm
10. Unveiling The Meteora Plan. https://meteoraag.medium.com/unveiling-the-meteora-plan-8b4164d8a5a5
11. Meteora Dynamic Bonding Curve Fees, Revenue & Volume. https://defillama.com/protocol/meteora-dynamic-bonding-curve
12. Guide: How to participate in the JUP launch as a DLMM .... https://meteoraag.medium.com/guide-how-to-participate-in-the-jup-launch-as-a-dlmm-liquidity-provider-4ad7af8364b7
13. Meteora TGE - Creating Opportunities for All. https://met.meteora.ag/
14. Meteora (MET). https://solscan.io/token/METvsvVRapdj9cFLzq4Tr43xK4tAjQfwX76z3n6mWQL
15. Meteora Investor Relations. https://ir.meteora.ag/
16. What is Meteora? YZi Labs leads a $25.5 million .... https://www.gate.com/news/detail/15141872
17. Meteora DAMM V2 TVL, Fees, Revenue & Volume. https://defillama.com/protocol/meteora-damm-v2
18. Build with Meteora - Meteora Documentation. https://docs.meteora.ag/
19. Meteora. https://github.com/MeteoraAg
20. GitHub - MeteoraAg/audits: Meteora's Program Audit Reports · GitHub. https://github.com/MeteoraAg/audits
21. DLMM - Meteora Documentation. https://docs.meteora.ag/resources/audits/dlmm
22. DAMM v2 - Meteora Documentation. https://docs.meteora.ag/resources/audits/damm-v2
23. DeFi trader Mercurial rebrands to distance itself from FTX .... https://www.theblock.co/post/198012/stablecoin-dex-mercurial-rebrands-to-distance-itself-from-ftx
24. Meteora Dev Updates. https://t.me/meteora_dev
25. Join the Meteora Discord Server!. https://x.com/MeteoraAG/status/1812360990190899295