An Independent On-Chain Audit
Meridian won
Avalanche Build Games.
Here's what we found
on-chain.
Meridian Protocol won the $100,000 grand prize in Avalanche's 6-week, $1M Build Games 2026 competition, selected from 23 finalists out of 2,000+ applicants. The marketing site describes 57 smart contracts, AMM-priced credit default swaps, cross-chain margin via Teleporter, and AI-powered risk monitoring. We reviewed verified source code on Snowscan where available, decompiled the rest, indexed the deployer's transactions on Fuji testnet, traced every call, and read every event log to see what's actually deployed.
Sophisticated architecture, early-stage activity
The Meridian Protocol's architecture is genuinely sophisticated. A tranched credit vault with waterfall yield distribution, a CDS registry that creates standalone swap contracts, a hub-and-spoke collateral model with Teleporter-compatible messaging, and governance-managed AI agent timelocks — this is real financial engineering, built in a 6-week competition window.
Build Games judges evaluate projects on "experimentation, originality, and long-term potential, rather than polish or short-term traction" and "technical execution relative to the project's stage." With that context, dormant subsystems are expected for early-stage work. Still, the marketing site presents some features as working that we could not confirm on-chain, and some technical claims don't match the deployed bytecode.
This audit presents what we found on-chain. Where claims match reality, we say so. Where they don't, we show the evidence and note possible explanations.
How we conducted this investigation
Every finding on this site is independently verifiable on-chain. We used four data sources:
MongoDB Index
All blocks and transactions on Fuji testnet (43113) indexed in real-time. We queried every transaction from the deployer address 0xD243eB302C08511743B0050cE77c02C80FeccCc8 and every address it interacted with.
Source Code & Bytecode
10 contracts have verified Solidity source on Snowscan (testnet.snowscan.xyz), including StrategyRouter, the three AI agent contracts, and LiquidationBot. The remaining 16 deployed contracts were decompiled from bytecode. Function signatures, storage layouts, constructor arguments, and cross-contract references were extracted from both.
Tenderly Traces
Key transactions were traced through Tenderly to confirm internal calls, state changes, and event emissions. This revealed the actual call graph between contracts.
Direct RPC
View functions were called directly against Fuji RPC to confirm current state: token balances, pool metrics, messenger counts, and contract ownership.
Claims vs. on-chain reality
Here are three of the most significant discrepancies. The full analysis is on the Evidence page.
"57 Smart Contracts" with "692 Tests Passing" and "10K Fuzz Runs"
29 contracts exist on-chain (26 deployed + 3 dynamic creates). The 57 figure likely counts all Solidity source files including interfaces, libraries, and abstract contracts — a common counting convention. Tests/fuzz claims were likely demonstrated to Build Games judges via the required GitHub submission but are not publicly verifiable.
Deployer nonce analysis: 47 nonces, 26 contract creations, 3 dynamic
"CDS with AMM bonding curve pricing" — bonding curve auto-adjusts with demand
CDS contracts use a fixed premium rate of 250 basis points (2.5%) per year. No AMM, no bonding curve, no dynamic pricing found in decompiled bytecode. Rate is set at creation time.
CDSRegistry decompiled bytecode + CDS #0/#1 storage reads
"Cross-chain margin engine via ICM/Teleporter" — unifies collateral across Avalanche L1s
Custom Messenger contract (NOT standard Avalanche Teleporter). Zero messages sent. Hub and spoke deployed on the same chain (Fuji 43113) — a loopback configuration, not actual cross-chain.
Messenger.messageCount() = 0, pendingCount() = 0