diff --git a/README.md b/README.md index ae10595..40600a6 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ interface ILIQFlash { | Contract | Address | Etherscan | |----------|---------|-----------| | LIQFlashYul | `0xe9eb8a0f6328e243086fe6efee0857e14fa2cb87` | [View](https://etherscan.io/address/0xe9eb8a0f6328e243086fe6efee0857e14fa2cb87) | -| TestBorrower | `0x53cddbcdee2dc2b756a25307f4810c609b28c3e7` | [View](https://etherscan.io/address/0x53cddbcdee2dc2b756a25307f4810c609b28c3e7) | +| TestBorrower | `0x7e13a21ce933a7122a8d1bdf0aeced4ba48ecad6` | [View](https://etherscan.io/address/0x7e13a21ce933a7122a8d1bdf0aeced4ba48ecad6) | | USDC | `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48` | [View](https://etherscan.io/address/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48) | Owner: `0xaF7EB1455e2939DF433042ba64d06D0Cb478B1c7` @@ -163,7 +163,7 @@ npx tsx script/deploy-borrower.ts ## Gas Breakdown -Verified transaction gas: **85,292** ([real mainnet tx](https://etherscan.io/tx/0x35274dd1af81d4424cfa35cadff05508a3148a72805730bfef8de9f6d686af5c)) +Verified transaction gas: **85,292** ([real mainnet tx](https://etherscan.io/tx/0x35274dd1af81d4424cfa35cadff05508a3148a72805730bfef8de9f6d686af5c) - using legacy TestBorrower) | Component | Estimated Gas | Notes | |-----------|---------------|-------| diff --git a/audits/audit_responses.md b/audits/audit_responses.md index 966ddfd..dcbaff1 100644 --- a/audits/audit_responses.md +++ b/audits/audit_responses.md 
@@ -60,13 +60,13 @@ This document tracks responses to audit findings that are either false positives ### Out of Scope (Example/Test Code) -**Finding #1: TestBorrower arbitrary lender injection** - TRACKED AS ISSUE #19 +**Finding #1: TestBorrower arbitrary lender injection** - FIXED AND DEPLOYED - Real vulnerability but in example/test contract, not production code -- Created issue to harden the example for safety of integrators who may copy it +- Fixed in PR #22 with validation checks (expectedLender, initiator, token, amount) +- Redeployed to mainnet: [0x7e13a21ce933a7122a8d1bdf0aeced4ba48ecad6](https://etherscan.io/address/0x7e13a21ce933a7122a8d1bdf0aeced4ba48ecad6) -**Finding #7: Unsafe ERC20 Operation Usage (TestBorrower)** - OUT OF SCOPE -- TestBorrower is example code, not production -- Would be fixed as part of Issue #19 +**Finding #7: Unsafe ERC20 Operation Usage (TestBorrower)** - FIXED +- Fixed as part of Issue #19 - now checks transfer return value ### Acknowledged Design Decisions (Additional) @@ -82,6 +82,6 @@ This document tracks responses to audit findings that are either false positives | Finding | Severity | Issue | Status | |---------|----------|-------|--------| | #2/#3: Excess USDC extraction | Medium | [#18](https://github.com/igor53627/liq/issues/18) | Closed - Design decision | -| #1: TestBorrower lender injection | High (example code) | [#19](https://github.com/igor53627/liq/issues/19) | Fixed in PR #22 | +| #1: TestBorrower lender injection | High (example code) | [#19](https://github.com/igor53627/liq/issues/19) | Fixed in PR #22, deployed to mainnet | | #8: Missing ERC20 return value checks | Info | [#20](https://github.com/igor53627/liq/issues/20) | Closed - Future version | | #13/#14: Missing events | Best Practices | [#21](https://github.com/igor53627/liq/issues/21) | Closed - Gas optimization |
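Review bot: in the README.md address table (hunk `@@ -122,7 +122,7 @@`), the new TestBorrower address `0x7e13a21ce933a7122a8d1bdf0aeced4ba48ecad6` is all lowercase, while the USDC row and the `Owner:` line in the same context use mixed-case EIP-55 checksummed form. A lowercase address carries no checksum, so a mistyped hex digit would not be caught by a reader or by tooling that validates the checksum. Suggest writing the address in checksummed form here and in the matching link in audits/audit_responses.md, so that integrators who copy it get that check.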
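Review bot: in the README.md Gas Breakdown hunk (`@@ -163,7 +163,7 @@`), the "Verified transaction gas: **85,292**" figure is now labelled "using legacy TestBorrower", but the address table above no longer lists the legacy contract, so the label has nothing to refer to. The figure also predates the validation checks that audits/audit_responses.md says were added (expectedLender, initiator, token, amount), so it may not describe the contract the README now points to. Suggest either re-measuring against the redeployed TestBorrower and linking that transaction, or keeping the old number and naming the legacy address next to it, marked as superseded.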
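Review bot: in audits/audit_responses.md (hunk `@@ -60,13 +60,13 @@`), Findings #1 and #7 are now marked FIXED but still sit under the "### Out of Scope (Example/Test Code)" heading, and the two entries cite the fix differently ("Fixed in PR #22" for #1, "Fixed as part of Issue #19" for #7). Suggest moving both to a section for fixed findings, or renaming the heading, and citing PR #22 in the Finding #7 line as well if that is where the transfer return value check landed. Since Finding #1 keeps the line "Real vulnerability but in example/test contract", it would also help to state that the previous TestBorrower deployment is superseded and should not be used or copied by integrators.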
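Review bot: in the findings table of audits/audit_responses.md (hunk `@@ -82,6 +82,6 @@`), the updated status "Fixed in PR #22, deployed to mainnet" gives no address or link, and the visible rows have no entry for Finding #7 even though the hunk above marks it FIXED under the same Issue #19. Suggest linking the deployed address in the status cell, as the prose entry for Finding #1 does, and either adding a #7 row or folding it into the #1 row (for example "#1/#7") so that the table and the prose agree.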