Orca (ORCA) Web3 Project Audit Report

Executive Summary

Orca is a leading concentrated liquidity automated market maker (CLMM) on the Solana blockchain, operating primarily through its "Whirlpools" smart contracts. As of April 2026, the protocol demonstrates strong product-market fit with approximately $238.5 million in Total Value Locked (TVL) and over $7.2 billion in 30-day trading volume [1]. The project boasts a robust security posture with multiple audits (including a recent 2025 review) and an active $500,000 bug bounty [2] [3]. However, historical tokenomics data indicates early team and investor allocations exceeded standard conservative thresholds, requiring ongoing monitoring of token concentration.

1. General Description

What is this project?
Orca is a decentralized exchange (DEX) built on the Solana blockchain. Its core product, Whirlpools, is an open-source concentrated liquidity AMM that allows users to provide liquidity within specific price ranges [4] [5].

What problem does it solve?
It solves the problem of capital inefficiency in traditional AMMs by allowing liquidity providers (LPs) to concentrate their capital around current market prices, offering tighter spreads for traders and higher fee yields for LPs [6] [4].

For what audience?
The platform serves retail and institutional crypto traders, liquidity providers seeking yield, and developers integrating swap functionality via Orca's SDKs and APIs [7] [8].

2. Team

Team Visibility and Professionalism
The Orca team is public and highly visible, which significantly reduces anonymity risks.

• Known Team Members: The project was co-founded by Grace "Ori" Kwan and Yutaro Mori [9] [10].
• Socials & Verification: Both founders maintain active, professional profiles on LinkedIn and X (formerly Twitter) [11] [12]. The team actively participates in public podcasts, Solana Foundation events, and developer communications [9] [13].

3. Concept/Documentation

Uniqueness & Technical Details
Orca differentiates itself through its custom-built Whirlpools contract (written in Rust using the Anchor framework) and its "Adaptive Fees" mechanism, which dynamically adjusts taker fees based on market volatility to protect LPs [6] [14].

Competitor Analysis
Main competitors on Solana include Raydium and Meteora (other venue DEXs) [15] [16]. Jupiter acts as a primary aggregator that routes trades through Orca, making it both a partner and a meta-competitor for frontend volume [17] [18].

Demand Analysis & Revenue
There is proven, massive demand. As of early 2026, Orca processes ~$83.2 million in 24-hour volume and generates ~$43.18 million in annualized fees [1].

Fees & Revenue Source
Trading fees are split: 87% to the liquidity provider, 12% to the Orca DAO treasury, and 1% to the Orca Climate Fund [19].

Partnerships
Verified integrations include the Jupiter aggregator and the Phantom wallet (which lists Orca natively in its app directory) [20] [18].

4. Coin/Tokenomics

Note: Detailed current distribution metrics for 2026 are limited in official documentation; historical data from 2021/2022 is used where current data is unavailable.

• Tokenomics Exists: Yes, the $ORCA token is an SPL token on Solana (Mint: orcaEKTdK7LKz57vaAYr9QeNsVEPfiu6QeMU1kektZE) [21] [22].
• Supply: Official docs state a total supply of 75 million ORCA [21].
• Distribution (Historical Warning): Initial tokenomics outlined 20% to the team and 9.6% to Series A investors, with a 3-year vesting schedule and 1-year cliff [23] [24]. Risk Flag: The team allocation exceeds the strict 10% threshold requested in the audit parameters.
• Known Investors: Orca raised an $18M Series A in 2021 led by Polychain, Placeholder, and Three Arrows Capital (3AC) [25] [26]. Note: 3AC is defunct, which may impact historical token overhang.
• TVL & Volume: $238.56M TVL; $7.21B 30-day DEX volume [1].

5. Code

• Open Source: Yes. The core Whirlpools smart contracts and SDKs are open-source on GitHub [4] [5].
• Active Development: The repository shows active maintenance with 887 commits and recent updates in 2026 [5] [27].
• Security Audits:

  Auditor	Date	Notes
  Kudelski Security	Jan 2022	Initial Whirlpools audit [28] [4]
  Neodyme	May 2022	Found 1 high-severity issue (resolved by team) [6]
  Sec3	Aug 2025	Ongoing security partnership/audit [5] [3] [29]

• Bug Bounty: An active Immunefi bug bounty program offers up to $500,000 for critical vulnerabilities, last updated January 8, 2026 [2] [30].

6. Risks

• Financial/Tokenomics Risks (Medium-High): Historical allocations gave ~30% to insiders (team + investors), exceeding conservative limits. The involvement of defunct entity 3AC in the Series A introduces historical baggage [24] [25].
• Technical Risks (Low-Medium): While CLMMs are complex and carry inherent smart contract risks, Orca mitigates this with open-source code, three major audits (most recently in 2025), and a massive bug bounty [6] [5] [30].
• Market Risks (Medium): Liquidity providers face impermanent loss (IL), though Orca's adaptive fees attempt to mitigate this during high volatility [6] [14].
• Team Risks (Low): The founders are public, highly engaged, and have a proven track record since 2021 [9] [11].

7. Community

• Social Media Size: The official Discord server has over 21,200 members [31]. The project maintains a highly active X (Twitter) account [32].
• Activity: The Orca Governance Forums are highly active in 2026, with recent proposals discussing xORCA buyback reward increases (from 20% to 40% of protocol fees) and council re-elections [33] [34] [35].

8. Final Assessment

Risk Level: MEDIUM

Key Strengths:

• Massive Market Traction: Top-tier TVL ($238M+) and volume ($7.2B/mo) prove undeniable product-market fit [1].
• Excellent Security Posture: Open-source code, multiple reputable audits (Neodyme, Kudelski, Sec3), and a $500k bug bounty [6] [4] [30] [3].
• Strong Revenue Generation: The protocol generates over $5M in annualized revenue for the DAO, which is actively being routed to token buybacks via governance [1] [33].
• Public Team: Fully doxxed and respected founders [9].

Key Issues and Warnings:

• Tokenomics Concentration: Historical data shows team and investor allocations (~30% combined) exceed the ideal <20% combined threshold [24].
• Defunct Investor: The presence of Three Arrows Capital in the Series A requires caution regarding how those specific tokens were handled during bankruptcy proceedings [25].

References

1. Orca DEX TVL, Fees, Revenue & Volume. https://defillama.com/protocol/orca-dex
2. Orca Bug Bounties. https://immunefi.com/bug-bounty/orca/information/
3. DefiTuna - Sec3 Security Audit Report. https://resources.cryptocompare.com/asset-management/21395/1767889733766.pdf
4. The Whirlpools smart contract is now open-source! | by Orca. https://medium.com/orca-so/the-whirlpools-smart-contract-is-now-open-source-2e57dad26f67
5. orca-so/whirlpools: Open source concentrated liquidity .... https://github.com/orca-so/whirlpools
6. Security Audit. https://dev.orca.so/.audits/2022-05-05.pdf
7. Orca Documentation - Orca Documentation. https://docs.orca.so/
8. API Overview - Orca Documentation. https://docs.orca.so/api-reference/overview
9. Ori Kwan & Yutaro Mori, Co-founders, Orca | Solana. https://www.linkedin.com/posts/solana-foundation_built-for-visionaries-ori-kwan-yutaro-activity-7121169217088888832-15al
10. Ori Kwan's Post. https://www.linkedin.com/posts/gracekwan_yutaro-mori-grace-kwan-co-founders-of-activity-6816281281639395328-L0iV?trk=public_profile_like_view
11. Ori Kwan - Designer • Writer • Forbes 30 Under 30. https://www.linkedin.com/in/orikwan
12. Yutaro Mori (@rawfalafel) / Posts / X. https://x.com/rawfalafel
13. Logan Jastremski's Post. https://www.linkedin.com/posts/loganjastremski_extremely-excited-to-be-dropping-a-podcast-activity-7054160665304788992-PT-Z
14. Understanding Whirlpool Fees. https://dev.orca.so/Architecture%20Overview/Whirlpool%20Fees/
15. Orca vs Meteora: Which Is the Best Solana DEX for Trading?. https://academy.swissborg.com/en/learn/orca-vs-meteora
16. Raydium vs Orca: why do you guys prefer one over .... https://www.reddit.com/r/solana/comments/1pxtp28/raydium_vs_orca_why_do_you_guys_prefer_one_over/
17. Jupiter vs Orca: Which Is the Best Solana DEX for Trading?. https://academy.swissborg.com/en/learn/jupiter-vs-orca
18. Get Quote - Jupiter Developers. https://dev.jup.ag/api-reference/swap/v1/quote
19. Orca Whirlpool Parameters. https://dev.orca.so/Architecture%20Overview/Whirlpool%20Parameters/
20. Orca. https://phantom.com/apps/orca
21. Token Treasury. https://docs.orca.so/governance/treasury
22. Orca (ORCA). https://solscan.io/token/orcaEKTdK7LKz57vaAYr9QeNsVEPfiu6QeMU1kektZE
23. The ORCA Governance Token: True Value. https://medium.com/orca-so/the-orca-governance-token-true-value-36edc9fb4245
24. Orca Treasury Report #1. https://medium.com/orca-so/orca-treasury-report-1-700a5515b984
25. Orca raises $18M from Polychain, Placeholder, Three .... https://medium.com/orca-so/orca-raises-18m-from-polychain-placeholder-three-arrows-and-more-4e756dacf812
26. Solana-Based DEX Orca Raises $18M Series A Funding. https://www.coindesk.com/business/2021/09/22/solana-based-dex-orca-raises-18m-series-a-funding
27. Orca. https://github.com/orca-so
28. Documentation. https://dev.orca.so/legacy/
29. Sec3 (@sec3dev) / Posts / X. https://x.com/sec3dev
30. Orca Bug Bounties. https://immunefi.com/bug-bounty/orca/scope/
31. ORCA. https://discord.com/invite/orca
32. Orca 🌊 (@orca_so) / Posts / X. https://x.com/orca_so
33. Orca - A friendly welcome to the Orca forums, podmate!. https://forums.orca.so/
34. Council Proposal - 2025 Re-elections. https://forums.orca.so/t/council-proposal-2025-re-elections/638
35. Governance Proposals. https://forums.orca.so/c/governance-proposals/5