Audits for V3

We upgraded the smart contracts from V2 to V3 on June 6th upon receiving the below positive audit results–read more about it here.

0xmacro

📄 0xmacro report

0xmacro audited V3 in the week of May 15th. Their report includes a number of non-critical recommendations, which we chose to postpone to a future upgrade of the smart contracts to keep the smart contract stable for the next audit.

AfterDark Labs

📄 AfterDark Labs report

AfterDark’s @sjkelleyjr and @securerodd audited V3 in the week of May 29th. Their report includes a number of non-critical recommendations, which we chose to postpone to a future upgrade of the smart contracts so that we could proceed with the upgrade without restarting the audit process.

Previous audits (V1)

Certik security audit

📄 Certik report

In Q4'2022, Glo recently underwent a comprehensive security audit by Certik, a blockchain security firm. The report identified two Centralization/Privilege risks and one informational risk.

• We addressed the first two by implementing a multisig wallet controlled by a governance council.
• We resolved the third by downgrading to a solidity release that Certik deemed stable. Our codebase is open source, and you can review the pull request here.)

Upgrading from V1 to V2

On April 3rd, the Glo team identified a critical security vulnerability. This vulnerability allowed any holder of Glo Dollar to increase their balance by sending any amount of Glo Dollar to themselves, after which their total balance would be increased by the sent amount. A malicious actor could have exploited this issue to steal funds.Once we identified the issue, we took immediate action to confirm that it had not been taken advantage of, and then fixed the issue by upgrading from V1 to V2 on April 4th. (We describe this in more details, and how we changed our processes to better address threats like this, in this blogpost.)