Trail of Bits Completes Audit of C.R.E.A.M. v1, v2 Iron Bank

By C.R.E.A.M. Finance, peer to peer lending and exchange platform on Ethereum, Binance Smart Chain and Fantom.

Join the Global Coin Research Network now and contribute your thoughts!

If you’d like to learn about crypto, join our Discord channel and be kept up to date with the latest investment research, breaking news and content, Crypto community happenings around the world!

After exploring various third-party companies, we hired Trail of Bits to perform a security review of C.R.E.A.M, given their expertise, reputation, and background knowledge of the Compound v2 code from auditing Compound.

From January 25 to January 27, 2021, Trail of Bits performed an assessment of the C.R.E.A.M. smart contracts with two engineers, working from commit ??2e83fc3? from CreamFi/compound-protocol?? as well as commit ?8c44071? from the ?cream-v2? branch of the same repository.

Trail of Bits focused solely on the changes that we introduced to our original fork of Compound’s codebase.

Here’s an overview of C.R.E.A.M. findings:

  • Trail of Bits gave C.R.E.A.M.’s codebase satisfactory ratings across the following key categories:

Access controls, arithmetic, assembly use, contract fungibility, function composition, monitoring, testing, and verification.

  • Trail of Bits did not identify any issues related to front-running
  • C.R.E.A.M.’s codebase received a weak rating on centralization because C.R.E.A.M. uses our own oracle solution as a fallback for certain assets, and the Comptroller admin address is authorized to replace the oracle at any time.
  • C.R.E.A.M.’s codebase received a weak rating on specification because official documentation was very limited. Because we are a fork of Compound, most of this documentation exists there; however, we need to do a better job of clearly documenting the differences.

We are taking Trail of Bits’ suggestions into strong consideration. C.R.E.A.M. v1 is now using decentralized oracle services across 81% on Ethereum and 94% on Binance Smart Chain. C.R.E.A.M. v2 Iron Bank has integrated decentralized oracle services across 77% of our markets. We are working toward 100% coverage by decentralized oracles. Specifically, we are focused on moving all oracles in C.R.E.A.M. Finance to decentralized options such as Chainlink and Band Protocol.

More details of the audit report are available on our GitHub and Trail of Bits’ GitHub.

If you have any ideas to help us build the most value lending protocol in DeFi, you can join us on Discord, follow us on Twitter, or visit us at

Crypto Rules Everything Around Me, C.R.E.A.M.

Leave a Reply

Your email address will not be published. Required fields are marked *

More from GCR

Announcement GCR Exclusive Podcast

Theia – a Private Equity ...

Theia is a liquid digital assets fund applying the principles of prudent investing to blockchain, led by Co-Founders CEO John McNiff and CIO Felipe Montealegre.  ...


GCR Community Events Recap – ...



The Solana Ecosystem

This piece was originally published on We at GCR will bring to you long forms from Decentralised twice every Month – every alternate Thursday! ...