Audits for V3
We upgraded the smart contracts from V2 to V3 on June 6th upon receiving the below positive audit results–read more about it here.
0xmacro
0xmacro audited V3 in the week of May 15th. Their report includes a number of non-critical recommendations, which we chose to postpone to a future upgrade of the smart contracts to keep the smart contract stable for the next audit.
AfterDark Labs
AfterDark’s @sjkelleyjr and @securerodd audited V3 in the week of May 29th. Their report includes a number of non-critical recommendations, which we chose to postpone to a future upgrade of the smart contracts so that we could proceed with the upgrade without restarting the audit process.
Previous audits (V1)
Certik security audit
In Q4'2022, Glo recently underwent a comprehensive security audit by Certik, a blockchain security firm. The report identified two Centralization/Privilege risks and one informational risk.
- We addressed the first two by implementing a multisig wallet controlled by a governance council.
- We resolved the third by downgrading to a solidity release that Certik deemed stable. Our codebase is open source, and you can review the pull request here.)
Upgrading from V1 to V2
On April 3rd, the Glo team identified a critical security vulnerability. This vulnerability allowed any holder of Glo Dollar to increase their balance by sending any amount of Glo Dollar to themselves, after which their total balance would be increased by the sent amount. A malicious actor could have exploited this issue to steal funds.Once we identified the issue, we took immediate action to confirm that it had not been taken advantage of, and then fixed the issue by upgrading from V1 to V2 on April 4th. (We describe this in more details, and how we changed our processes to better address threats like this, in this blogpost.)
This could be the info box
In this program, GiveDirectly identifies impoverished African villages to give their citizens $30 per month, transferred via mobile money technology, for 3-5 years. For people living on less than $2/day this is a transformational amount.
Glo's economic model is to invest its reserve in short-term Treasury bills and give the proceeds away entirely to GiveDirectly.
References (this is a heading2)
- This is a list for references
- reference 2
- reference 3
This is additional reference text
Audits for V3
We upgraded the smart contracts from V2 to V3 on June 6th upon receiving the below positive audit results–read more about it here.
0xmacro
0xmacro audited V3 in the week of May 15th. Their report includes a number of non-critical recommendations, which we chose to postpone to a future upgrade of the smart contracts to keep the smart contract stable for the next audit.
AfterDark Labs
AfterDark’s @sjkelleyjr and @securerodd audited V3 in the week of May 29th. Their report includes a number of non-critical recommendations, which we chose to postpone to a future upgrade of the smart contracts so that we could proceed with the upgrade without restarting the audit process.
Previous audits (V1)
Certik security audit
In Q4'2022, Glo recently underwent a comprehensive security audit by Certik, a blockchain security firm. The report identified two Centralization/Privilege risks and one informational risk.
- We addressed the first two by implementing a multisig wallet controlled by a governance council.
- We resolved the third by downgrading to a solidity release that Certik deemed stable. Our codebase is open source, and you can review the pull request here.)
Upgrading from V1 to V2
On April 3rd, the Glo team identified a critical security vulnerability. This vulnerability allowed any holder of Glo Dollar to increase their balance by sending any amount of Glo Dollar to themselves, after which their total balance would be increased by the sent amount. A malicious actor could have exploited this issue to steal funds.Once we identified the issue, we took immediate action to confirm that it had not been taken advantage of, and then fixed the issue by upgrading from V1 to V2 on April 4th. (We describe this in more details, and how we changed our processes to better address threats like this, in this blogpost.)