
Guardian - GMX
Case Study

“Guardian's commitment to high quality audits, keeping up with industry best practices and alignment between the auditors and the protocol has led to them being a highly valuable partner in improving the security of GMX”

GMX

Overview

This document serves as an exposition of the Guardian security review process, detailing multiple engagements between the Guardian team and GMX protocol.

Guardian

Guardian is a Smart Contract security service provider re-imagining the traditional audit model with two competing internal Guardian teams, Smart Contract fuzzing, and a Pay-Per-Vulnerability pricing alternative. Guardian’s novel approach effectively incentivizes their security team to uncover as many vulnerabilities as possible and leave no stone unturned.

GMX

GMX is a perpetual-futures powerhouse on the Arbitrum and Avalanche networks, holding the largest TVL of any protocol on Arbitrum, with over $500,000,000 at the time of writing.

Why Guardian?

Guardian boasts a security team with extensive experience in banking, DeFi, economics, trading, and software correctness. With a V2 launch as extensive and anticipated as GMX V2, it was paramount that GMX engaged a highly specialized team offering rigorous attention to detail with an incentivized model. Guardian was exactly that team.

“We were very impressed by the quality of the audit from Guardian, they went above and beyond and exceeded our expectations, each found vulnerability was accompanied by a PoC test to demonstrate the issue, they found edge cases and wrote additional test cases which are now included in our test coverage”

X

GMX Core Contributor

The Reports

GitHub.com:

Reports Link

Dissecting The Security Reviews

In the 10-month period from October 4th, 2022 to July 28th, 2023, GMX engaged Guardian to review the security of GMX V2 a total of 7 times.

After the initial launch of the GMX V2 platform, the GMX team has engaged Guardian an additional 10 times to review protocol additions and updates. The GMX team has additionally referred several teams to Guardian to review their integration with the GMX V2 system.

Pre-Launch, 7 Security Reviews — Battle Testing GMX V2

Throughout the 7 pre-launch security reviews of GMX V2, a total of 9 security researchers, including 3 Lead Researchers, reviewed over 14,000 lines of Solidity code in scope.

Throughout each review, findings and recommendations were shared with the GMX team as they were uncovered by Guardian. Explicit written PoC (proof-of-concept) tests accompanied High, Critical and sometimes Medium issues.

With every engagement, Guardian implemented net-new test cases to add to the overall code and edge-case coverage of the testing suite. As a result, over 15,000 lines of tests written by Guardian have been adopted into the gmx-synthetics/test/guardian repo.

Finally, Guardian scrutinized remediations made by the GMX team and ensured that no net-new vulnerabilities were introduced as a result of any updates.

During this 10-month period, a total of 84 security researcher weeks resulted in the remediation and acknowledgement of 351 findings, with 80 High and Critical findings resolved.

Post-Launch, Ongoing Reviews — Securing The GMX Ecosystem

After the successful launch of the GMX V2 system, GMX has solidified their security partnership with Guardian in an ongoing retainer. Guardian has since completed 10 additional engagements reviewing additions and updates to the GMX system.

As a result of Guardian’s ongoing review, an additional 3 Critical, 7 High, 31 Medium, and 43 Low issues have been disclosed and remediated thus far.

In addition to reviewing all updates and additions in the GMX system, Guardian has actively secured 5 protocols integrating with the GMX V2 system: Dolomite, IVX, Abracadabra Money, Umami DAO, and Jones.

From Guardian’s Arbitrum ecosystem GMX V2 integration reviews, 21 Critical, 27 High, 76 Medium, and 54 Low findings were uncovered and prevented.

“Guardian is amongst the most effective teams in the whole industry. They have a clear attention to detail that most auditors don’t have.”

Corey

Founder at Dolomite, GMX V2 Integrator

“One of the best audits we’ve had.”

0xCalibur

Abracadabra Money, GMX V2 Integrator

Results

Throughout the 10-month security review process leading up to the launch of GMX V2, not only did Guardian disclose 351 findings, with 80 of them being of High or Critical severity, but it also contributed over 15,000 lines of tests and offered insights on the design of the protocol from the beginning.

Guardian’s attention to detail and immense verification efforts were key in delivering the successful launch of GMX V2 in August of 2023, which saw the protocol securely amass over $200,000,000 in TVL in just three months.

“Without engaging Guardian it would have taken much longer to get GMX V2 ready for launch”

X

GMX Core Contributor

Since the launch of GMX V2 in August, Guardian has continued to have a significant impact on the GMX system and the Arbitrum ecosystem as a whole, with 21 engagements surrounding the ongoing development of GMX V2 as well as protocol integrations.

Guardian is dedicated to continuing these efforts in securing the GMX system and enabling deep synergies within the Arbitrum ecosystem via secure integrations with the GMX V2 building block.

“We wouldn’t have launched without an audit performed by Guardian.”

Corey

Founder at Dolomite, GMX V2 Integrator