GMX-Solana: Mainnet Test and Second Round of Audit

Over the past ten months, we have been actively developing GMX-Solana. On December 4th, we successfully concluded our first round of audit and received the initial audit report. The feedback was overwhelmingly positive, and we have promptly implemented comprehensive fixes for the issues identified during the audit. Building on this progress, and following suggestions from Xdev, we have successfully deployed a full version of GMX-Solana on the devnet, along with a fully functional front end for internal testing, aimed at verifying functional alignment with GMX.

According to our auditors, a more comprehensive second round of audit is required for enhanced security. The primary reason is that the first round of audit focused on individual components of GMX-Solana, and due to time constraints, the interdependencies among these components were not examined in depth. Hence, a deeper audit at the logic level, considering all interdependencies, is necessary. Since this second audit is more complex, it will also require more time.

It should be noted, however, that based on the current level of completeness following the first round of audit, we have sufficient confidence that GMX-Solana is ready for the mainnet test. Thus, the second round of audit can proceed in parallel with the mainnet test.

Regarding GT, GT’s incentives for traders are crucial for the large-scale adoption of GMX-Solana. GT’s objective is to maximize the storage of value generated by GMX-Solana in the GT Treasury, with GMX being a significant form of storage. This aligns with our Buyback and Distribute strategy implemented on GMX, which aims to accumulate value while effectively reducing GMX’s circulating supply, bringing value appreciation to GMX and GMX holders.

The GT Treasury employs a 5/7 multisig structure, where 4 signatures are controlled by GMX Core Contributors and 3 signatures by GMX-Solana Core Contributors to ensure balance and security. The GMX > GMX-Solana relationship also reflects our careful consideration of the governance structure.

As for open-sourcing, it will be determined whether to open-source at the time of the mainnet test or after the second round of audit. Whichever choice we make will be purely from a security standpoint, but in any case, open-sourcing is assured.

Based on the information above, we are providing the latest GMX-Solana introduction, the first round of GMX-Solana audit report, and the proposals from all the audit firms for the second round of audit. The choice of the audit firm for the second round should largely depend on the opinions of the GMX Core Contributors and the GMX Security Committee, and will then be finalized by community discussion and voting.

  1. GMX-Solana GT Page (Solana Devnet)
  2. GT
     - GMX-Solana Fee Distribution
     - GMX-Solana Trade To Mint
     - GMX-Solana GT-GMX Flywheel
     - GMX-Solana GT Supply Comparison
  3. GMX-SOLANA: Building a Trader-Focused Perpetual DEX Through the GT-GMX Flywheel
  4. Audit Report for the First Round from Sherlock
  5. Proposals for Second Round of Audit
     - Bailsec
     - Cyfin
     - Sherlock
     - Spearbit & Cantina
     - Zenith

7 Likes

Great update. Thank you

1 Like

Thank you Q, great to hear about the impending mainnet launch.

1 Like

The Guardian Team supports the proposals made by Bailsec and Code4rena Zenith.

Note that in both proposals Co-founder and Lead Guardian Auditor, Owen Thurm, is included in these reviews.

If either of the Bailsec or Code4rena Zenith reviews is selected, Owen will provide support, with the team that is conducting the review, to:

  • Collaborate regularly with other Security Researchers through knowledge-sharing sessions, focusing on known exploit vectors and error-prone areas of GMX
  • Help match the Rust logic to the Solidity version
  • Validate complex security findings
  • Provide strategic guidance on potential attack vectors to help direct other Security Researchers’ efforts
  • Partner with Rust specialists to identify logical vulnerabilities through pair auditing

We would like to thank the GMX Solana team for their contributions thus far, and look forward to this next stage of the protocol’s development.

5 Likes

Hi, I’m cmichel from Cantina/Spearbit and I wanted to introduce myself as one of the potential auditors.

Relevant Experience

I transitioned from a blockchain dev into a security researcher role 4 years ago.
I’ve been doing private audits as a Lead Security Researcher for Spearbit for the last 3 years and before that did a lot of Code4rena competitions and still rank #1 on their all-time leaderboard.
I worked with major DeFi protocols like Aave (bug bounty), Euler, Maker, Morpho, Pendle, Spark, Uniswap (competition). While I haven’t audited GMX itself yet, I audited several early perp protocols (Rage Trade, Tracer, …).
In addition, I have extensive Rust development and relevant Solana auditing experience (found 2 high severity issues in the recent Cantina Tensor competitions), which is fundamental when reviewing GMX-Solana, given that many auditors are specialized in the EVM only.

For these reasons, I’d consider myself (and the other proposed Cantina auditors with similar experience) a great fit for the GMX-Solana audit and support the Cantina proposal.
If you’re interested in further details about me, feel free to read through my Cantina profile.

2 Likes

Just adding a word of support for Guardian here.

From past experience with the GMX V2 audits, Owen from Guardian was able to spot issues that were not found by other audits.

Guardian has an in-depth understanding of the protocol and possible issues, from their continued work on reviewing GMX V2 contracts.

While Guardian is not included as an auditor that would directly audit the GMX (Solana) codebase, I believe having their involvement in the audit can be beneficial.

To give a balanced view, I would also like to mention the benefits if Sherlock is selected: since Sherlock has done the first audit, the second audit should allow them to go deeper into the code, so this has to be weighed against the advantages of having a new set of reviewers for the second audit.

I don’t mean for this post to diminish any other auditors; I think that all auditors here have been very helpful to the GMX (Solana) team. I just wanted to share my perspective.

2 Likes

Good morning,

I’m m4rio from Cantina/Spearbit, and I wanted to introduce myself as a potential auditor.

I’m an old-school Web2 cybersecurity researcher who transitioned to Web3 around six years ago. In Web3, I focus primarily on EVM and Solana. I have been one of the researchers who audited Euler, Maker, Spark, and other projects. Additionally, I have audited GMX multiple times when various protocols were integrated with it.

I have also audited various Rust projects. Recently, I ranked 4th in the Tensor competition hosted by Cantina.

In my spare time, I build Soldeer, the only Solidity package manager built in Rust.

With the experience I’ve accumulated over the years, I consider myself and the Cantina/Spearbit crew well-suited for the GMX-Solana audit.

For further details, feel free to check out my Cantina profile.

1 Like

Thanks for introducing yourselves, gentlemen. It’s good to have the additional personal context, and see that there are plenty of capable auditors contending to work on GMX-Solana.

Hi there! Introducing myself too. I’m Zigtur from Cantina/Spearbit.

As the winner of the Cantina competition on Tensor (built on Solana) and the 1st on the global leaderboard, I fully endorse Cantina’s proposal.

If this proposal is selected, I am committed to participating in the competition and bringing my best game to the table.

1 Like

GMX-Solana is already in the last stage of audits. Thank you for your introduction; we will bear it in mind for the future =)

Thanks again for the introduction… glad that we can check you guys out for future work.
Do take a look at app.gmx.io to understand GMX perps more.
Thanks!

Can someone explain to me in a few words how the GT-GMX flywheel contributes to the scarcity of GMX? I don’t really get why a new token (GT) is needed at all. Why not just buy back GMX for the treasury and distribute some to the traders?

Trade-to-mint is a new narrative. To implement this narrative, a new GT/Point must be introduced, which does not affect the majority of the protocol fees used for GMX buybacks, the contribution to the scarcity of GMX.

2 Likes

Hi, I’m bin2chen from Sherlock, and I wanted to introduce myself as a potential auditor.

Relevant Audit Experience

I have been working as a security researcher for three years and have participated in numerous audit contests, including scoring first place four times and identifying 11 bugs in the Andromeda contest. Additionally, I found high-severity issues in contests such as EigenLayer and have a strong track record in competitions like zkSync, Astaria, Sentiment V1, and Illuminate.

Relevant GMX Experience

I am familiar with the GMX codebases and mathematical model, have participated several times in the GMX Solidity version open audits and in the GMX bug bounty, and participated in the initial GMX-Solana audit, where I identified high and medium severity vulnerabilities.

With the experience I’ve accumulated over the years, I consider myself and Sherlock auditors well-suited for the GMX-Solana audit.

Thanks!

3 Likes

Hey all,

I just wanted to chime in here given Sherlock’s relationship with the GMX team on the auditing side since 2022. We’ve been through a lot together and I think we are hitting our stride with the last GMX-Solana audit and potential follow-up audit.

I think it’s very important to note a few things:

  • Sherlock is the only candidate who has already audited GMX-Solana (finishing in December 2024)
  • Sherlock’s auditors recommended this follow-up audit to go deeper into the logic level
  • Sherlock’s auditors have already put 4 weeks of full-time auditing into this codebase, so they are best equipped to go as deep as possible in this follow-up audit, while all other auditors will have to spend valuable weeks getting up to speed

Thank you for your consideration and I’m looking forward to the potential of continuing to work with the talented GMX-Solana team.

3 Likes

Hello all, I’m IllIllI, working with Sherlock. I’ve been a C developer for many years, so it was fairly straightforward to pick up Rust, and then to learn Solana and Anchor for the prior gmsol engagement. I did not have any language issues during the review, and I had the most H/M findings during that review. With my extensive programming experience I believe I was also able to provide many useful suggestions about code quality that were not in the report, and that the gmsol team applied.

The prior engagement was four weeks long and I provided literally daily feedback about issues/suggestions I found/had, and I’m looking forward to spending more time with the remaining areas of the code base. I enjoy reading code, and have no problem with spending consecutive weeks at a time on a code base, going line by line. My understanding of the majority of the other proposals is that they’re more like bounty contests, where there is not enough time to review every line so the reviewers have to pick their battles, as opposed to an in-depth review, which is what I and bin2chen would be providing, or an audit contest where there is also a reasonable amount of time available for the lead reviewer to cover everything. I’m currently number two on the Sherlock leaderboard (I held the number one spot for the longest out of all LSWs), and got my start with C4 where I’m #13 on the all-time leaderboard (previously #10).

I led and won both GMXv2 contests (we had less time than the Guardian team had over the whole of their engagements up to that point, and found some issues that they did not) and personally found 39 H/M and 8 H/M in those contests. In addition, I thoroughly reviewed the gmsol-model code and I believe because of that it is no longer in scope for the follow-up review. I believe the Sherlock proposal has the best chance at catching integration bugs with the model, given my and our extensive context with both the Solana and Solidity code, and the fact that I would be a lead auditor actually looking for bugs, as opposed to just consulting.

2 Likes

For reference, sharing the community sentiment vote on Snapshot in this thread:

https://snapshot.box/#/s:gmx.eth/proposal/0x11953281aac686d41e57bfe4a1f341b1343f591096c583d738ebb9f317fa8a85

Thank you very much to the GMX community for selecting Zenith as your security partner. I am confident that this will be the first of many engagements.

As advised, I’m replying here with the payment address: 0xE83a7861E0DD1187826Ba2eF4EBA2216c407Bb4C

1 Like

Zenith was voted for by a couple of whales against Sherlock. I think the further communication, including the payment address, shall be communicated and agreed upon with the team, not in this thread.

Hi all, I second what my teammate bytes shared here, we’re excited to be working with you. I’m Head of Operations at Code4rena/Zenith and confirm our payment address of 0xE83a7861E0DD1187826Ba2eF4EBA2216c407Bb4C on Arbitrum One.