2022 Ⓒ Wormhole. All Rights Reserved.
Wormhole didn’t get to be one of the longest-standing interoperability protocols without experiencing setbacks. That’s the expected cost of trailblazing. It’s how you react to those setbacks that matter. The hack of early 2022 propelled Wormhole forward, unlocking a flurry of innovation to fortify the protocol. Today, Wormhole has one of the best security programs in all of web3.
Before any Wormhole transaction can be completed, it must pass through multiple Guardians, each of whom conducts their own independent validation process prior to verifying and validating that transaction.
While the open-source community conducts security reviews on design docs and code changes before adopting them, we also continuously engage industry leading security auditing firms. These security audits are not only critical to check the work, but also serve to provide transparency and confidence to users.
|January 2022||Neodyme||Ethereum Contracts||Report available|
|January 2022||Neodyme||Solana Contracts||Report available|
|January 2022||Neodyme||Terra Contracts||Report available|
|January 2022||Neodyme||Guardian||Report available|
|January 2022||Neodyme||Solitaire||Report available|
|July 2022||Kudelski||Ethereum Contracts||Report available|
|July 2022||Kudelski||Solana Contracts||Report available|
|July 2022||Kudelski||Terra Contracts||Report available|
|July 2022||Kudelski||Guardian||Report available|
|August 2022||Kudelski||Algorand Contracts||Report available|
|September 2022||OtterSec||NEAR Contracts||Report available|
|September 2022||Trail of Bits||Solana Contracts||Report available|
|September 2022||Trail of Bits||CosmWasm Contracts||Report available|
|Q3 2022||Certik||Ethereum Contracts|
|Q3 2022||Certik||Solana Contracts|
|Q3 2022||Certik||Terra Contracts|
|Q3 2022||Trail of Bits||Ethereum Guardian|
|Q3 2022||OtterSec||Aptos Contracts|
|Q3 2022||Coinspect||Algorand Contracts|
|Q3 2022||Hacken||NEAR Contracts|
Wormhole runs on the same cryptographic primitives as Ethereum. We implement a multi-sig approach, whereby 19 Guardians - via a proof of authority of their private key - independently sign messages, but largely distrust each other. Guardians are spread across the globe, and each has their own set of operational security requirements, making it nearly impossible to compromise.
Transactions require 2/3+ consensus
Upgrades require 2/3+ consensus
Building in the open hardens you in a way that nothing else does. We believe in the power of transparency and community and have been proudly sharing our progress, patterns, and process since July, 2020. It is open to any and everyone to contribute and improve upon.
Bug bounty programs and the white-hat community at large are a strategic value add to our internal security program. This program allows any motivated white-hat in the world to review our code and receive multi-million-dollar incentives - including the hightest single payout in the industry - to responsibly report critical bugs in Wormhole..Learn more
The Governor allows Wormhole Guardians to provide optional value movement protections to token bridges built on Wormhole. This protection allows Wormhole Guardians to govern (or effectively rate-limit) the notional flow of assets from any given token bridge chain.
This safety feature allows Guardians to limit the impact of any security issue any given chain may have from affecting other connected chains. The Governor allows the setting of daily limits of notional flow and also has an ability to set a fixed finality delay for transactions over a specific size for each supported chain..Whitepaper.Configuration Example
Want to help make Wormhole the most secure interoperability protocol in the world?.Join our team