Across is a leading crosschain bridge protocol, designed to provide fast, secure, and capital-efficient transfers between Ethereum, Layer 2s, and other blockchains such as Solana and BNB Smart Chain. As critical infrastructure moving billions in value across chains, Across underpins the interoperability layer of DeFi, making rigorous security essential for every upgrade and integration.
The Challenge
As a leading interoperability protocol, Across’s mission to provide fast and capital-efficient bridging comes with complex risks:
- Crosschain Complexity: Supporting multiple execution environments, from EVM to Solana, introduces new classes of vulnerabilities.
- Continuous Upgrades: Frequent integration of new features and chains requires fast, iterative security reviews without slowing engineering velocity.
- Systemic Risk Exposure: As critical infrastructure for liquidity transfer, even a single vulnerability could undermine trust in the entire ecosystem.
To grow safely, Across required a dedicated security partner that could embed into its development cycles, provide cross-domain expertise, and respond rapidly to new risks.
OpenZeppelin's Solution
Embedded Strategic Security Partnership
Since 2022, OpenZeppelin has served as Across’ dedicated security partner under a long-term security partnership model. This embedded approach provides on-demand access to auditors familiar with the Across codebase, ensuring continuity, speed, and deep context awareness.
Comprehensive Security Coverage
Across engagements included 18 audits covering both EVM-based upgrades and non-EVM integrations:
- Solana SpokePool Validation Mechanism: First-of-its-kind review by OpenZeppelin, demonstrating capability to secure Solana programs at production scale.
- EVM Universal Adopter & Periphery Changes: Ensuring smooth integration across multiple Ethereum L2s.
- OFT Integration & Polygon USDT0 Support: Securing major liquidity pathways.
- Architecture-Level Reviews: SpokePool, nonce hashing, deposit typehash logic, and verifier redeployments across new chains including Unichain and Soneium.
Solana Programs Security Expertise
OpenZeppelin audited Across’s Solana SpokePool Validation Mechanism, securing the launch of USDC bridging to Solana with the same rigor applied across its EVM deployments.
“OpenZeppelin has long been a partner for us when venturing into new territory. They match our pace of innovation stride for stride, enabling us to grow without sacrificing safety. For Solana, they had a purpose-built team ready to audit our program and support the rollout.”
The Results
Comprehensive Security Coverage
Across’ long-term partnership with OpenZeppelin uncovered over 232 issues across 18 audits, including 9 critical and high-severity vulnerabilities. Each review ensured that protocol upgrades, crosschain integrations, and new deployments were secured before going live.
Launch of the Solana USDC Bridge Route
Security reviews enabled Across to launch USDC bridging to Solana, connecting the two ecosystems with the highest transaction volume and reinforcing its role as a leading interoperability protocol.
Confidence to Scale
With continuous audit coverage and embedded security expertise, Across can ship upgrades rapidly while maintaining the trust of its users and partners.
Proven Security
Across has maintained a spotless security record since launch. With zero exploits to date, the protocol has consistently demonstrated its resilience through rigorous audits, ongoing monitoring, and battle-tested design. Security remains the foundation of bridging at scale.
OpenZeppelin and Across's continuous security partnership enabled the crosschain interoperability protocol to scale with confidence—securing $30B+ in cumulative bridge volume and achieving zero security exploits throughout 18 comprehensive audits that uncovered 232 issues, ensuring resilient growth for one of DeFi's most trusted bridging protocols.
