Glitter Finance is a base layer technology focused on interoperability, liquidity movement and ease of use. The bridge provides an interoperability solution that serves as a base layer for layer-1 networks and DeFi protocols across multiple blockchain networks.

Glitter Finance engaged Ackee Blockchain to perform a security review of the Glitter EVM smart contracts with a total time donation of 4 engineering days in a period between May 2 and May 10, 2023.


We began our review by using static analysis tools, namely Wake. We then took a deep dive into the logic of the contracts. For a local deployment, testing and fuzzing, we have involved Woke testing framework.

During the review, we paid special attention to:

  • the possibility of double spending,
  • detecting possible reentrancies in the code,
  • ensuring access controls are not too relaxed or too strict
  • cross-chain token handling,
  • proper on-chain data validation. 


The scope of the audit is EVM contracts of the protocol. Contracts work as an entry point for users and are responsible for locking/burning tokens on a source chain and releasing/minting tokens on the destination chain.

The audit has been performed on the commit 326f0fe and the scope was the following:

  • BaseVault.sol
  • LockReleaseVault.sol
  • MintBurnVault.sol
  • GlitterRouter.sol

During Revision 1.1, Glitter engaged Ackee Blockchain to perform a fix review on the given commit: 462ed5b.


Here we present our findings.

Critical severity 

No critical severity issues were found. 

High severity 

No high severity issues were found. 

Medium severity

M1: Missing handling of a token shortage 

M2: Problematic decimals

Low severity

L1: Vaults mapping logic 

Warning severity

W1: Lack of data validation in deposit function

W2: Lack of emits in state- changing functions 

Informational severity

I1: Missing parameters in NatSpec 


Our review resulted in 6 findings, ranging from Info to Medium severity. The code is very clear and well-documented. Standard documentation is missing, but the code is self-explanatory. The code is also well-tested. A big part of the logic is in the backend code of the bridge protocol, which was not in the scope of this audit. 

We recommended Glitter to:

  • add stronger data validation,
  • emit events for all state changes,
  • address all other reported issues. 

Ackee Blockchain’s full Glitter protocol audit report with a more detailed description of all findings and recommendations can be found here.

We were delighted to audit Glitter Finance and look forward to working with them again.