CertiK Security Audits
OKX Wallet's frontend, mobile (iOS/Android), and SDK components successfully passed CertiK's security audit:
Audited Components Included:
- Mobile App Code: iOS/Android modules handling wallet creation/import, password management, and cloud backups.
- Frontend Module: React UI components for wallet functionalities and JavaScript controllers for auth key management.
- Wallet SDK Modules: Bitcoin SDK, okwallet-core, and related source code.
Audit Findings:
- 5 security issues identified (3 low-risk, 2 undetermined risk).
All resolved prior to publication.
👉 View detailed CertiK audit report
Threshold-lib Library Audit
OKX Wallet's Threshold-lib library cleared CertiK's security assessment. Focus areas included cryptographic implementations and key management protocols.
Core Contracts Audit
CertiK evaluated OKX Wallet’s critical smart contracts:
- DexRouter: Cross-DEX asset trading router.
- OkxNFTMarketAggregator: Multi-marketplace NFT trading aggregator.
- Entrance: Authorized instruction execution gateway.
- UniswapV2AdapterMain: LP token staking adapter for UniswapV2 pools.
Result: Low-risk rating with all vulnerabilities patched.
👉 Access full contract audit
Solana Marketplace Audit
OKX’s Solana-based marketplace achieved CertiK’s low-risk certification post-remediation.
SlowMist Security Audits
Android MPC Module Audit
SlowMist’s assessment of OKX Wallet’s Android MPC implementation revealed:
- 9 suggestions for optimization.
- 1 low-risk vulnerability (resolved).
Overall: Low-risk approval.
👉 Read SlowMist’s MPC report
Ord Repository Audit
SlowMist’s review of OKX’s Ord repository identified:
- 7 low-risk vulnerabilities.
- 3 optimization suggestions.
Result: Passed with full remediation.
Account Abstraction Audit
SlowMist certified OKX Wallet’s account abstraction layer as low-risk after issue resolution.
Private Key Module Audit
Third-party verification confirmed:
- Keys/phrases stored exclusively on user devices.
- Zero external server transmission.
Official SlowMist Announcement:
👉 SlowMist’s tweet on private key security
FAQs
1. How does OKX Wallet ensure key security?
All private keys and seed phrases remain device-local, never exposed to servers or third parties.
2. What was the highest-risk issue found in CertiK’s audit?
Two undetermined-risk issues (later downgraded) related to edge-case transaction scenarios.
3. Are OKX’s smart contracts upgradable?
Audited contracts include immutable core functions with modular adapters for future-proofing.
4. How often does OKX Wallet undergo audits?
Bimonthly assessments for new features, with annual full-system reviews.
5. Can users verify audit results independently?
All reports are publicly accessible via CertiK/SlowMist’s websites and OKX’s transparency portal.
OKX Wallet maintains Web3’s gold standard for multichain security, supporting 100+ networks with seamless DeFi/NFT integration. Continuous audits underscore our commitment to trustless asset management.