Trail of Bits Completes Audit of C.R.E.A.M. v1, v2 Iron Bank

By C.R.E.A.M. Finance, peer to peer lending and exchange platform on Ethereum, Binance Smart Chain and Fantom.

Join the Global Coin Research Network now and contribute your thoughts!

If you’d like to learn about crypto, join our Discord channel and be kept up to date with the latest investment research, breaking news and content, Crypto community happenings around the world!

After exploring various third-party companies, we hired Trail of Bits to perform a security review of C.R.E.A.M, given their expertise, reputation, and background knowledge of the Compound v2 code from auditing Compound.

From January 25 to January 27, 2021, Trail of Bits performed an assessment of the C.R.E.A.M. smart contracts with two engineers, working from commit ??2e83fc3? from CreamFi/compound-protocol?? as well as commit ?8c44071? from the ?cream-v2? branch of the same repository.

Trail of Bits focused solely on the changes that we introduced to our original fork of Compound’s codebase.

Here’s an overview of C.R.E.A.M. findings:

  • Trail of Bits gave C.R.E.A.M.’s codebase satisfactory ratings across the following key categories:

Access controls, arithmetic, assembly use, contract fungibility, function composition, monitoring, testing, and verification.

  • Trail of Bits did not identify any issues related to front-running
  • C.R.E.A.M.’s codebase received a weak rating on centralization because C.R.E.A.M. uses our own oracle solution as a fallback for certain assets, and the Comptroller admin address is authorized to replace the oracle at any time.
  • C.R.E.A.M.’s codebase received a weak rating on specification because official documentation was very limited. Because we are a fork of Compound, most of this documentation exists there; however, we need to do a better job of clearly documenting the differences.

We are taking Trail of Bits’ suggestions into strong consideration. C.R.E.A.M. v1 is now using decentralized oracle services across 81% on Ethereum and 94% on Binance Smart Chain. C.R.E.A.M. v2 Iron Bank has integrated decentralized oracle services across 77% of our markets. We are working toward 100% coverage by decentralized oracles. Specifically, we are focused on moving all oracles in C.R.E.A.M. Finance to decentralized options such as Chainlink and Band Protocol.

More details of the audit report are available on our GitHub and Trail of Bits’ GitHub.

If you have any ideas to help us build the most value lending protocol in DeFi, you can join us on Discord, follow us on Twitter, or visit us at

Crypto Rules Everything Around Me, C.R.E.A.M.

Leave a Reply

Your email address will not be published. Required fields are marked *

More from GCR


Exploring Farcaster & Frames – ...

Farcaster is a decentralized social networking platform similar to Twitter that is based on Optimism, Ethereum’s layer 2. Farcaster’s main goal is to facilitate communication ...


GCR Community Events Recap – ...

GCR IRL: Savor & Smoke: An Exclusive Dubai Experience with GCR, GCRx, and Rooch The excitement was palpable throughout “Savor & Smoke: An Exclusive Dubai ...

Featured GCR Announcement GCR Exclusive GCR Quarterly Review

GCR Market and Investment Trends ...

By Global Coin Research Team Highlights GCR is a research and investment community. As a collective, we source investments, conduct research and diligence, and make investments ...