Trail of Bits Completes Audit of C.R.E.A.M. v1, v2 Iron Bank

By C.R.E.A.M. Finance, peer to peer lending and exchange platform on Ethereum, Binance Smart Chain and Fantom.

Join the Global Coin Research Network now and contribute your thoughts!

If you’d like to learn about crypto, join our Discord channel and be kept up to date with the latest investment research, breaking news and content, Crypto community happenings around the world!


After exploring various third-party companies, we hired Trail of Bits to perform a security review of C.R.E.A.M, given their expertise, reputation, and background knowledge of the Compound v2 code from auditing Compound.

From January 25 to January 27, 2021, Trail of Bits performed an assessment of the C.R.E.A.M. smart contracts with two engineers, working from commit ​​2e83fc3​ from CreamFi/compound-protocol​​ as well as commit ​8c44071​ from the ​cream-v2​ branch of the same repository.

Trail of Bits focused solely on the changes that we introduced to our original fork of Compound’s codebase.

Here’s an overview of their findings:

  • Trail of Bits gave C.R.E.A.M.’s codebase satisfactory ratings across the following key categories:

Access controls, arithmetic, assembly use, contract fungibility, function composition, monitoring, testing, and verification.

  • Trail of Bits did not identify any issues related to front-running
  • C.R.E.A.M.’s codebase received a weak rating on centralization because C.R.E.A.M. uses our own oracle solution as a fallback for certain assets, and the Comptroller admin address is authorized to replace the oracle at any time.
  • C.R.E.A.M.’s codebase received a weak rating on specification because official documentation was very limited. Because we are a fork of Compound, most of this documentation exists there; however, we need to do a better job of clearly documenting the differences.

We are taking Trail of Bits’ suggestions into strong consideration. C.R.E.A.M. v1 is now using decentralized oracle services across 81% on Ethereum and 94% on Binance Smart Chain. C.R.E.A.M. v2 Iron Bank has integrated decentralized oracle services across 77% of our markets. We are working toward 100% coverage by decentralized oracles. Specifically, we are focused on moving all oracles in C.R.E.A.M. Finance to decentralized options such as Chainlink and Band Protocol.

More details of the audit report are available on our GitHub and Trail of Bits’ GitHub.

If you have any ideas to help us build the most value lending protocol in DeFi, you can join us on Discord, follow us on Twitter, or visit us at cream.finance.

C.R.E.A.M. DAO
Crypto Rules Everything Around Me, C.R.E.A.M.

Leave a Reply