Halborn, a blockchain security firm trusted by top industry names like Coinbase, Uniswap, and the Solana Foundation, has audited the Molecula core Ethereum smart contracts suite. Over nearly four weeks of review, Halborn reported zero critical, high, or medium-severity vulnerabilities across the extensive code base.
The audit focused on the infrastructure behind mUSD, Molecula yield-bearing stablecoin representing permissionless money market fund. Molecula protocol allocates and continuously rebalances users' USDT deposits across yield-generating assets from the leading DeFi players, including Spark, AAVE, and Ethena. As yield accrues, the mUSD supply increases to reflect net gains automatically and on-chain.
The Scope
Halborn examined:
- Deposit and accounting logic within the asset pool
- mUSD token mechanics, including minting and rebasing
- Oracle modules that track and apply portfolio performance
- Liquidity rebalancing operations
- Privileged functions and emergency controls
Halborn engineering team combined automated tools (Slither, Foundry, Aderyn, 4naly3er) with hands-on adversarial testing to detect bugs, exploit paths, and design flaws. They identified four low-severity or informational issues. Molecula development and security teams carefully reviewed each, implemented changes where needed, and updated Halborn, marking one of the findings as not applicable.
It is important to note that none of the identified issues could impact user funds, protocol integrity, or system stability.
Why It Matters
Independent smart-contract security assessments are no longer an option for an ambitious DeFi protocol since a record $1.7b was lost to DeFi exploits in 2024. Halborn client roster (Solana Foundation, Coinbase, Uniswap, and Circle, among others) gives its sign-off the weight Molecula has set as a bar regarding security.
This audit represents a key step toward infrastructure-level credibility for users and capital allocators. With formal verification of key contracts and an external security assessment, Molecula reinforces its position against one of the main barriers emerging DeFi protocols face: lack of trust.
What Comes Next
Since its inception, Molecula has been committed to a top-notch security approach and external validation. Following formal verification comes the Halborn audit, and we have scheduled the report update for Q4 2025 as the protocol develops and transitions into full DAO governance. All contracts remain open-source and verifiable on-chain.
The full audit report is available here.
Curious about the details or eager to run your own checks?
Read the Halborn report, browse the repo, or drop into Discord to discuss your findings. We build in the open and welcome anyone willing to participate, criticize, or support.
