Protocol Security

Review our security practices, audits, and risk management framework.

Security Architecture

The Grove Allocator follows a three-layer architecture that separates custody, business logic, and risk management into distinct smart contract components. The ALMProxy holds custody of all funds and can only be called by authorized Controllers. Controllers handle operational logic and are subject to rate limits enforced by the RateLimits contract. This separation means controller logic can be upgraded independently without migrating funds, and a vulnerability in one layer does not automatically compromise the others.


Operational Safeguards

Beyond pre-deployment audits, the protocol includes operational safeguards that actively manage risk during live operations. The FREEZER role provides emergency circuit-breaking capability, allowing authorized actors to revoke relayer access and halt all automated operations immediately. The RateLimits contract enforces configurable, time-based caps on all capital movements, preventing excessive deployment within short timeframes. Rate limits refill linearly over time, ensuring that even in normal operations, capital flows are bounded.
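The linear refill described above can be modelled in a few lines. This is an added example, not Grove's contract code: it is a Python model in which the field names (`max_amount`, `slope`, `last_amount`, `last_updated`), the `worst_case_outflow` helper and the sample figures are all assumptions made for illustration. It shows why total outflow between an incident starting and relayer access being frozen is bounded by the cap plus the refill accrued in that window.

```python
from dataclasses import dataclass, replace


class RateLimitExceeded(Exception):
    """Requested amount is above the currently available capacity."""


@dataclass
class LinearRateLimit:
    # Field names are assumptions for this model, not taken from the page.
    max_amount: int    # ceiling on available capacity
    slope: int         # capacity restored per second
    last_amount: int   # capacity left after the last update
    last_updated: int  # timestamp (seconds) of the last update

    def current(self, now: int) -> int:
        """Capacity available at `now`: linear refill, clamped at max_amount."""
        if now < self.last_updated:
            raise ValueError("timestamp went backwards")
        refilled = self.last_amount + self.slope * (now - self.last_updated)
        return min(self.max_amount, refilled)

    def consume(self, amount: int, now: int) -> int:
        """Debit `amount` or raise; a rejected call leaves the state unchanged."""
        available = self.current(now)
        if amount < 0 or amount > available:
            raise RateLimitExceeded(f"requested {amount}, available {available}")
        self.last_amount = available - amount
        self.last_updated = now
        return self.last_amount


def worst_case_outflow(limit: LinearRateLimit, start: int, window: int, step: int = 60) -> int:
    """Total moved if every call in [start, start + window] takes all capacity."""
    sim = replace(limit)  # work on a copy so the caller's state is untouched
    moved = 0
    for t in range(start, start + window + 1, step):
        take = sim.current(t)
        sim.consume(take, t)
        moved += take
    return moved


# Constructed sample: a 5,000,000-unit cap that refills over roughly 24 hours.
SAMPLE = LinearRateLimit(max_amount=5_000_000, slope=5_000_000 // 86_400,
                         last_amount=5_000_000, last_updated=0)
```

With the constructed sample, a one-hour window yields `max_amount + slope * 3600`, so a faster freeze shrinks only the refill term while the cap itself sets the floor on exposure.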


Audit Strategy

Grove Protocol takes a multi-layered approach to smart contract security, combining independent audits from leading security firms with formal verification to ensure comprehensive coverage. Each protocol component undergoes at least two independent audit rounds per major version release, conducted by separate firms to eliminate single-auditor blind spots. Manual security reviews are complemented by formal verification through Certora, which mathematically proves that critical invariants hold under all possible execution paths. All findings are remediated and verified before deployment to production.

Our current audit partners include:

  • ChainSecurity — Smart contract security audits and formal verification
  • Spearbit — Security reviews via the Cantina platform
  • Certora — Formal verification and security audits

Grove ALM Controller

v1.6.0

Auditor        Report
Spearbit       v1.6.0 Cantina Audit
ChainSecurity  v1.6.0 ChainSecurity Audit

v1.8.0

Auditor        Report
Certora        v1.8.0 Certora Audit
ChainSecurity  v1.8.0 ChainSecurity Audit

Grove Gov Relay

v1.1.0

Auditor        Report
Spearbit       v1.1.0 Cantina Audit

v1.2.0

Auditor        Report
Certora        v1.2.0 Certora Audit
ChainSecurity  v1.2.0 ChainSecurity Audit

Grove X-Chain Helpers

v1.1.0

Auditor        Report
Spearbit       v1.1.0 Cantina Audit
ChainSecurity  v1.1.0 ChainSecurity Audit

v1.2.0

Auditor        Report
Certora        v1.2.0 Certora Audit
ChainSecurity  v1.2.0 ChainSecurity Audit

Token Contract

Auditor        Report
ChainSecurity  Endgame Toolkit ChainSecurity Audit
Cantina        Endgame Toolkit Cantina Audit
