Audits & Security
Dolomite splits its smart contract development to two repositories: Core & Modules.
Dolomite splits its smart contract source code between two repositories for a few reasons:
- The Core repository was originally made by the dYdX team and uses old development practices and an older version of Solidity. We wanted to change as little as possible of the architecture of this repository because it worked exceptionally well and demonstrated its security
- The Core repository is an encapsulation of the core protocol's immutability. Generally, this repository won't change
- Testing in the Core repository revolves around unit tests, whereas the Modules repository enables more comprehensive testing with end-to-end integration testing by forking any live network
Dolomite Margin Coresmart contracts were audited independently at various points in their lifecycle by Zeppelin Solutions, Bramah Systems, and most-recently by SECBIT Labs.
The SECBIT audit report covers the most recent suite of updates to the smart contracts. The Zeppelin Solutions and Bramah Systems audit reports cover the original version of the smart contracts that was created by dYdX (when the protocol was called Solo Margin).
DolomiteMargin Modulessmart contracts are were audited by Zokyo. Please be aware that this repository undergoes active development and the scope (and smart contracts) covered by each audit may be different.
This repository will contain most active development, since it's where the protocol performs its integrations and creates new features that sit atop the Core's immutable infrastructure.
All production smart contracts are extremely well-tested and have 100% line, statement, and branch coverage.