Comment on page

Audits & Security

Dolomite splits its smart contract development to two repositories: Core & Modules.

First, why two repositories?

Dolomite splits its smart contract source code between two repositories for a few reasons:
  • The Core repository was originally made by the dYdX team and uses old development practices and an older version of Solidity. We wanted to change as little as possible of the architecture of this repository because it worked exceptionally well and demonstrated its security
  • The Core repository is an encapsulation of the core protocol's immutability. Generally, this repository won't change
  • Testing in the Core repository revolves around unit tests, whereas the Modules repository enables more comprehensive testing with end-to-end integration testing by forking any live network

Dolomite Margin - Core

The Dolomite Margin Core smart contracts were audited independently at various points in their lifecycle by Zeppelin Solutions, Bramah Systems, SECBIT Labs and most-recently by Cyfrin.
The Cyfrin audit report covers the most recent suite of updates to the smart contracts. The SECBIT audit was conducted prior to launch of Dolomite on Arbitrum One. The Zeppelin Solutions and Bramah Systems audit reports cover the original version of the smart contracts that was created by dYdX (when the protocol was called Solo Margin).

Dolomite Margin - Modules

The DolomiteMargin Modules smart contracts are were audited by Zokyo. Please be aware that this repository undergoes active development and the scope (and smart contracts) covered by each audit may be different.
This repository will contain most active development, since it's where the protocol performs its integrations and creates new features that sit atop the Core's immutable infrastructure.

Code Coverage

All production smart contracts are extremely well-tested and have 100% line, statement, and branch coverage.