MoveBit Completes Security Audit for AMM (Automated Market Maker) on OmniBTC

3 min readDec 15, 2022

After 6 working days of code review and analysis, MoveBit completed the security audit report on the OmniBTC AMM automated market maker. We are happy to share this report with the community, you can download a PDF version of the security audit report at the following link:

This is the first open source AMM swap smart contract audit on the Sui. The MoveBit expert team mainly reviewed the code security and specifications of OmniBTC, and then conducted code running tests and business logic security tests on the test network, and found no major issues that may affect the security of token swap.

Methodology :

The security team adopted the “Testing and Automated Analysis”, “Code Review” and “Formal Verification” strategy to perform a complete security test on the code in a way that is closest to the real attack. The main entrance and scope of security testing are stated in the conventions in the “Audit Objective”, and that can expand to contexts beyond the scope according to the actual testing needs. The main types of this security audit include:

(1) Testing and Automated Analysis
Items to check: state consistency / failure rollback/unit testing/value overflows / parameter verification / unhandled errors/boundary checking/coding specifications.

(2) Code Review
Code scope:

(3) Formal Verification
Perform formal verification for key functions with the Move Prover.

(4) Audit Process
● Carry out relevant security tests on the testnet or the mainnet;
● If there are any questions during the audit process, communicate with the code owner in time. The code owners should actively cooperate (this might include providing the latest stable source code, relevant deployment scripts or methods, transaction signature scripts, exchange docking schemes, etc.);
● The necessary information during the audit process will be well documented for both the audit team and the code owner in a timely manner.

Feedback by OmniBTC:

“OmniBTC actively embraces the two major ecosystems of Move, Aptos, and Sui. MoveBit, as the most professional security audit company in the Move ecosystem, protects the security of OmniBTC Move smart contract with a professional attitude and high efficiency.”

OmniBTC has already implemented support for token swap between EVM chains, token swap between EVM chains and Aptos, and deposit BTC into Aptos. OmniBTC is in the process of implementing token swap on Sui, another mainstream public chain of Move.

To achieve this goal, OmniBTC has partnered with MoveBit as the partner in a security audit of the Move ecosystem. The partnership between the two will begin with OmniBTC’s Sui AMM Swap audit and together make the Move ecosystem the most secure Web3 ecosystem.

About OmniBTC:

OmniBTC is an omnichain financial platform for web3,including omnichain swap and BTC omnichain lending.

  • DOLA Protocol — A decentralized Omnichain liquidity aggregation protocol with the single currency pool of each public chain as the core, cross-chain message protocols such as Wormhole and Layerzero as bridges, and Sui public chain as the settlement center.
  • Omnichain Swap — Based on omnichain interoperability protocol LayerZero, users can exchange any token between any chains with one click.
  • BTC Omnichain lending — Combining the Bitcoin Layer2 smart contract platform ChainX and the omnichain interoperability protocol LayerZero, users can lend their own Bitcoins and borrow any stablecoins on any chain
  • Omnichain-refers to the Polkadot parachain captured by the ChainX team. The ChainX team will build Omnichain into a cross-chain interoperability hub among the Bitcoin network, Polkadot ecology, EVM ecology, MoveVM ecology, and Cosmos ecology based on technologies such as Zkrollup, XCMP, ibc, and Lightning Network.

OminBTC social media platforms:




About MoveBit

MoveBit is a security company for the Move ecosystem with a vision to make the Move ecosystem the most secure Web3 destination. The MoveBit team is composed of security leaders from academia and enterprise with 10 years of security experience. The team was one of the earliest contributors to the Move ecosystem, working with Move developers to set the standard for secure Move applications.

MoveBit Social Media Platforms:

Official Website | Twitter | Medium | GitHub