With dYdX, you remain in full control of your funds at all times. There are no central intermediaries that hold your private keys. Your funds are secured by smart contracts at all times when they are on dYdX.
We take the security of our smart contracts extremely seriously. We’ve conducted rigorous internal testing and contracted top security firms to perform thorough audits of our systems. Our contracts and security audits are open-source, and verifiable by anyone.
Perpetuals Protocol on Layer 2 Audits
The smart contracts were audited independently by PeckShield.
Perpetuals Protocol on Layer 1 Audits
The smart contracts were audited independently by Zeppelin Solutions.
Solo (Margin/Spot/Lending) Protocol Audits
The smart contracts were audited independently by both Zeppelin Solutions and Bramah Systems.
Many protocols have an administrative account that can add or remove features from the protocol. In our case, the account can add new markets, change interest rate functions, or set new oracles for prices. This admin account is an on-chain multisignature wallet, making it publicly auditable. For Layer 2 Perpetuals the multisig has a 14-day delay for taking any admin actions, allowing us to cancel malicious actions or notify the public before they occur. For Solo & Layer 1 Perpetuals, the multisig has a 3-day delay. We plan to increase this delay in the future.
Our track record speaks for itself: since launching our first product in October of 2018, dYdX is the only major DeFi lending protocol that has yet to receive a bug report of user funds being at-risk. No significant issues have ever even been found by independent auditors. No user has ever lost funds on dYdX due to a security incident with our smart contracts.