Guardian - Dolomite
Case Study

“The Guardian team’s attention to detail is top-notch. Sometimes when you get an audit done, you wonder how closely the team looked at your code and considered all surface area for attacks. We sleep soundly at night knowing that Guardian went through every detail of our codebase rigorously.”

Dolomite

Overview

This document serves as an exposition of the Guardian security review process, detailing the engagement between the Guardian team and Dolomite protocol.

Guardian

Guardian is a Smart Contract security service provider re-imagining the traditional audit model with two competing internal Guardian teams, Smart Contract fuzzing, and a Pay-Per-Vulnerability pricing alternative. Guardian’s novel approach effectively incentivizes their security team to uncover as many vulnerabilities as possible and leave no stone unturned.

Dolomite

Dolomite is a next-generation decentralized money market protocol and DEX that offers broad token support and capital efficiency with its virtual liquidity system. Dolomite is capable of offering over-collateralized loans, margin trading, spot trading and other financial instruments.

Why Guardian?

Guardian boasts a security team with extensive experience in banking, DeFi, economics, trading, and software correctness. With a module as complex as Dolomite’s GM pools, it was paramount that Dolomite engaged a highly specialized team offering rigorous attention to detail. Guardian was exactly that team.

“Guardian is amongst the most effective teams in the whole industry. They have a clear attention to detail that most auditors don’t have.”

Dolomite

The Report

Report Link (github.com)

Dissecting The Security Reviews

In November 2023, Guardian conducted a security assessment of Dolomite’s GMX V2 module. The auditing approach prioritized manual analysis to uncover novel exploits, with heavy use of Dolomite’s test suite to construct corner-case tests and PoCs.

A team of four security researchers, including two Lead Security Researchers, began a 2-week Guardian review on the 1st of November. The review opened with a kickoff call in which the Dolomite team walked through the GMX V2 integration and the Guardian team stress-tested the design with precise questions.

Throughout the review, findings and recommendations were shared with the Dolomite team as Guardian uncovered them. Written PoC (proof-of-concept) tests accompanied every High and Critical issue. The Guardian and Dolomite teams stayed in continuous communication throughout the audit to discuss the findings, potential remediations, and design improvements.

During the 2-week review, Guardian uncovered a total of 2 Critical, 4 High, 13 Medium, and 15 Low findings. Dolomite confirmed and promptly remediated them, and Guardian then reviewed the remediations.

“S-tier! Extremely professional and they know their practice really well.”

Dolomite

Results

During the review, a total of 2 Critical, 4 High, 13 Medium, and 15 Low findings were reported and remediated. Guardian takes the fix review process extremely seriously, and in this engagement it uncovered a Critical vulnerability newly introduced by the remediations. After engaging with Guardian, the Dolomite team is much more confident in the security of their codebase.

“Our team feels really good about the state of the system because of the degree of scrutiny it has gone under for the audit.”

Corey Caplan @ Dolomite