Glacier offers fully-automated AVAX liquid-staking. Users deposit AVAX, receive glAVAX/wglAVAX, and earn validator rewards without lock-ups or capital minimums. A reserve pool reallocates excess AVAX into strategies (Aave V3 at launch) to boost yield while maintaining instant-liquidity buffers.
Why Did They Need an Audit?
The protocol handles native AVAX, wraps/unwraps it, mints derivative tokens, and juggles strategy balances. Any accounting slip-up, allocation bug, or MEV vector could drain reserves or let arbitrageurs steal rewards. Three Sigma performed a two-auditor, two-person-week review before main-net rollout on Avalanche.
Scope of the Engagement
Audit Date: 2023-07-09
Language: Solidity
Type: Code Audit
Results and Findings
Notable High-Severity Issues
Aave V3 rewards paid in arbitrary tokens are ignored
Description – Aave’s RewardsController can pay out several ERC-20 reward tokens that are unrelated to the supplied asset. Glacier’s AaveV3Strategy only accounted for WAVAX, so any other reward token sat unclaimed in the strategy, leaving value stranded and skewing reserve accounting.
Recommendation – Add a claimExtraRewards() hook that immediately forwards all non-WAVAX tokens to the network wallet for manual swap to WAVAX (method 1). Implemented in commit 3a4239f.
totalReserves omits strategy-side yield
Description – ReservePool.totalReserves was a stored counter, updated only on deposits and withdrawals. Yield that accrued inside Aave or any future strategy was never reflected, so the reported APY stayed at zero and withdrawal quotes were sized against a stale total.
Recommendation – Replace the stored counter with a view that queries each strategy’s getBalance() at call time and sums the results. Added in commit 4bb9844.
Hourly increaseNetworkTotal() update can be front-run for instant rewards
Description – Anyone could front-run the hourly increaseNetworkTotal() call: deposit AVAX just before it, let the AVAX-per-share ratio jump, and withdraw immediately after, capturing a day’s rewards without having staked through the period that earned them.
Recommendation – Release each reward over a 24-hour drip (rewardsPerSecond) instead of a single jump, so an opportunistic deposit has to stay staked through the next rebalance to collect anything. Implemented in commit a990358.
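The difference between the two reward-release policies, as an added Python model that is not Glacier’s code: a pool of 1000 AVAX backing 1000 shares (constructed figures) receives a 10 AVAX reward via increaseNetworkTotal(); under the original instant credit a depositor who enters in the same block and exits right after walks away with half the reward, while under the rewardsPerSecond drip the same in-and-out earns nothing and only a depositor who stays the full 24 hours collects. The SharePool class, its method names and the non-overlapping-drip simplification are assumptions of this model.

```python
"""Constructed model of the glAVAX share/AVAX ratio (not Glacier's code).

'instant' credits each reward in one jump; 'drip' releases it linearly over
24h via rewards_per_second, as the audit recommended.
"""

SECONDS_PER_DAY = 86_400


class SharePool:
    def __init__(self, avax: float, shares: float, policy: str):
        assert policy in ("instant", "drip")
        self.policy = policy
        self.base_avax = avax                # AVAX fully credited to share holders
        self.shares = shares
        self.drip_start = -SECONDS_PER_DAY   # no drip in progress yet
        self.rewards_per_second = 0.0

    def _released(self, now: int) -> float:
        """Part of the current drip already credited at time `now`."""
        elapsed = min(max(now - self.drip_start, 0), SECONDS_PER_DAY)
        return elapsed * self.rewards_per_second

    def assets(self, now: int) -> float:
        """AVAX backing all shares at time `now` (the numerator of the ratio)."""
        return self.base_avax + self._released(now)

    def increase_network_total(self, reward: float, now: int) -> None:
        """Keeper call that credits validator rewards to the pool."""
        if self.policy == "instant":
            self.base_avax += reward
            return
        # Model simplification (assumption): a new drip starts only after the
        # previous one has fully released, so it can be folded into base_avax.
        assert now - self.drip_start >= SECONDS_PER_DAY, "overlapping drips not modelled"
        self.base_avax += self._released(now)
        self.drip_start = now
        self.rewards_per_second = reward / SECONDS_PER_DAY

    def deposit(self, avax: float, now: int) -> float:
        """Mint shares at the current ratio; returns the shares minted."""
        minted = avax * self.shares / self.assets(now)
        self.base_avax += avax
        self.shares += minted
        return minted

    def withdraw(self, shares: float, now: int) -> float:
        """Burn shares at the current ratio; returns the AVAX paid out."""
        out = shares * self.assets(now) / self.shares
        self.base_avax -= out
        self.shares -= shares
        return out


def exit_value(policy: str, reward: float, deposit: float, hold_seconds: int) -> float:
    """Deposit right before the reward call and exit `hold_seconds` later.
    Pool starts at 1000 AVAX / 1000 shares (constructed figures)."""
    pool = SharePool(avax=1_000.0, shares=1_000.0, policy=policy)
    t = 10 * SECONDS_PER_DAY
    minted = pool.deposit(deposit, now=t)
    pool.increase_network_total(reward, now=t)
    return pool.withdraw(minted, now=t + hold_seconds)


if __name__ == "__main__":
    for policy in ("instant", "drip"):
        for hold in (0, SECONDS_PER_DAY // 2, SECONDS_PER_DAY):
            print(policy, hold, round(exit_value(policy, 10.0, 1_000.0, hold), 4))
```

With the instant policy the attacker's 1000 AVAX comes back as 1005 in the same block; with the drip it comes back as exactly 1000, 1002.5 after twelve hours and 1005 only after the full day, which is what removes the incentive to time deposits around the keeper call.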
glAVAX._rebalanceWithdraw() changes share ratio mid-cycle
Description – To service queued withdrawals the contract converted shares to AVAX, parked the unwrapped AVAX on the contract, and only later burned the corresponding shares. While the AVAX sat there the share/AVAX ratio was temporarily wrong, which opened an MEV arbitrage window.
Recommendation – Keep the funds wrapped as WAVAX: track a reserved WAVAX amount instead of raw AVAX so the ratio stays constant while withdrawals are queued. A proof-of-concept patch is under team review.
Wrong min/max branch pulls excess WAVAX
Description – _rebalanceWithdraw() chose amountToWithdraw with the ternary wavaxBalance > needed ? wavaxBalance : needed, i.e. it took the larger of the two values and so withdrew more than required whenever the balance exceeded the request.
Recommendation – Flip the branches so the contract withdraws needed when wavaxBalance covers it (the minimum of the two values rather than the maximum).
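The two accounting findings above, the stale totalReserves counter and the inverted min/max branch, as one added Python model that is not Glacier’s code: a pool with 1000 WAVAX allocates 500 to a strategy stand-in that then accrues 25 of yield; the stored counter still reports 1000 while the live view reports 1025, and the buggy withdraw selector pulls the whole 500 buffer for a 200 request where the corrected one pulls 200. The Strategy and ReservePool classes, the idle-buffer field and the assumption that the view includes that buffer are mine, not the project's.

```python
"""Constructed model of ReservePool accounting (not Glacier's code)."""


class Strategy:
    """Stand-in for AaveV3Strategy: holds WAVAX for the pool and accrues
    yield between the pool's own calls."""

    def __init__(self) -> None:
        self.balance = 0.0

    def deposit(self, amount: float) -> None:
        self.balance += amount

    def withdraw(self, amount: float) -> float:
        assert amount <= self.balance, "strategy cannot cover request"
        self.balance -= amount
        return amount

    def accrue(self, yield_amount: float) -> None:
        self.balance += yield_amount  # happens outside the pool's accounting

    def get_balance(self) -> float:
        return self.balance


class ReservePool:
    def __init__(self) -> None:
        self.wavax = 0.0           # idle WAVAX buffer held by the pool (assumed field)
        self.strategies: list[Strategy] = []
        self.stored_total = 0.0    # pre-fix counter: touched only on deposit/withdraw

    def deposit(self, amount: float) -> None:
        self.wavax += amount
        self.stored_total += amount

    def allocate(self, strategy: Strategy, amount: float) -> None:
        assert amount <= self.wavax
        self.wavax -= amount
        strategy.deposit(amount)

    def total_reserves_stored(self) -> float:
        """Pre-fix behaviour: never sees yield that accrued inside a strategy."""
        return self.stored_total

    def total_reserves_view(self) -> float:
        """Post-fix behaviour: sum live getBalance() of every strategy.
        Assumption: the idle buffer is part of the total."""
        return self.wavax + sum(s.get_balance() for s in self.strategies)


def amount_to_withdraw_buggy(wavax_balance: float, needed: float) -> float:
    """The reported ternary: takes the larger of the two values."""
    return wavax_balance if wavax_balance > needed else needed


def amount_to_withdraw_fixed(wavax_balance: float, needed: float) -> float:
    """Corrected branch: `needed` when the buffer covers it, otherwise the
    whole buffer (the shortfall then comes from a strategy)."""
    return needed if wavax_balance > needed else wavax_balance


def rebalance_withdraw(pool: ReservePool, needed: float, select) -> float:
    """Pull `select(buffer, needed)` from the idle buffer and any remaining
    shortfall from the first strategy. Returns the amount taken from the buffer."""
    from_buffer = select(pool.wavax, needed)
    assert from_buffer <= pool.wavax, "selector asked for more than the buffer holds"
    pool.wavax -= from_buffer
    shortfall = max(needed - from_buffer, 0.0)
    if shortfall:
        pool.strategies[0].withdraw(shortfall)
    return from_buffer


def fresh_pool(buffer: float, strategy_balance: float, accrued: float = 0.0) -> ReservePool:
    """Pool with `buffer` idle WAVAX and one strategy holding `strategy_balance`."""
    pool, strat = ReservePool(), Strategy()
    pool.strategies.append(strat)
    pool.deposit(buffer + strategy_balance)
    pool.allocate(strat, strategy_balance)
    strat.accrue(accrued)
    return pool


if __name__ == "__main__":
    p = fresh_pool(500.0, 500.0, accrued=25.0)
    print("stored:", p.total_reserves_stored(), "live view:", p.total_reserves_view())
    print("buggy pull for 200:", rebalance_withdraw(fresh_pool(500.0, 500.0), 200.0, amount_to_withdraw_buggy))
    print("fixed pull for 200:", rebalance_withdraw(fresh_pool(500.0, 500.0), 200.0, amount_to_withdraw_fixed))
```

Note the second failure mode of the original ternary: when the buffer is smaller than the request it returns `needed` rather than the buffer, so the withdrawal would try to take more WAVAX than the pool holds; the corrected selector takes the buffer and sources the rest from the strategy.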
Three Sigma’s audit of Glacier’s staking and reserve machinery uncovered five high-impact flaws and a handful of medium logic gaps around snapshots and strategy health. Four critical fixes are merged, with the share-ratio POC and queue-cooldown in active review. Combined with dozens of gas and style improvements, Glacier now approaches main-net release with far tighter accounting, safer reward handling, and robust fallback paths for strategy failure.