Introduction
Ensuring the safety and security of the dYdX Chain software is our top priority. That’s why we are extensively testing and auditing the code to make sure that user funds are always safe. Today, we’re sharing that Informal Systems has fully audited the dYdX Chain code and all findings have been addressed by the dYdX team. Dive into the audit below.
Details of the Audit
Informal Systems implements a multi-layered, automated approach to their security audits and is well-versed in security for the Cosmos Ecosystem. They audited the dYdX Chain code in three phases.
Phase I covered:
Custom modules: x/assets, x/perpetuals, x/epochs, x/sending, x/prices, x/subaccounts
Liquidation and price-feed daemons
Custom changes to forked versions of CometBFT and Cosmos SDK.
Phase II covered:
Custom modules: x/clob
Custom changes to forked versions of CometBFT and Cosmos SDK.
Phase III covered:
Custom modules: x/bridge, x/delaymsg, x/rewards, x/vest
Bridge Daemon
Additional custom changes to the forked version of CometBFT.
All phases of the audit are complete and we’re proud that zero critical issues currently exist within the dYdX Chain source code. The audit surfaced 1 critical issue (that is now resolved), 4 medium issues, 17 low issues and 19 informational issues. 34 of those issues were accepted and 5 issues were functioning as designed.
Thank you
Thank you to Informal Systems for their thorough audit and their commitment to help us ensure the safety and security of the dYdX Chain. We’re also hosting a bug bounty for the dYdX Chain software with payouts up to $5,000,000 depending on severity and eligibility. Any issues brought up in the audit or otherwise known by the dYdX team are not eligible for the bug bounty, and other terms and conditions apply. See the details here.
Find Informal Systems on Twitter, GitHub, and LinkedIn.
About dYdX and Terms
Here at dYdX, our mission is to democratize access to financial opportunity. We believe the release of the dYdX Chain software will represent notable progress in service of that mission. The events that have transpired over the last year have only reinforced the need for open, transparent, and permissionless financial products. We’re excited for v4 software to better meet those needs.
If building the future of a decentralized exchange and open finance is something you’re interested in, check out what it’s like to work at dYdX and our open roles!
To ask additional questions, join the discussion on Discord, participate in the dYdX community, or follow us on Twitter. We’re excited to continue building the dYdX Chain and will continue to release updates over the coming months.
Terms and Conditions: Informal Systems is independent from and unaffiliated with dYdX. dYdX is not responsible for any action taken by Informal Systems or any other third parties, or content set forth on any third-party websites, including any links posted for informational purposes that are linked in this post. This post is subject to the dYdX Terms of Use. dYdX products and services are not available to persons or entities who reside in, are located in, are incorporated in, or have registered offices in the United States or Canada, or Restricted Persons (as defined in the dYdX Terms of Use). Terms of Use specific to v4 software can be found here.