Trail of Bits Completes Audit of C.R.E.A.M. v1, v2 Iron Bank

Trail of Bits Completes Audit of C.R.E.A.M. v1, v2 Iron Bank

By C.R.E.A.M. Finance, peer to peer lending and exchange platform on Ethereum, Binance Smart Chain and Fantom.

Join the Global Coin Research Network now and contribute your thoughts!

If you’d like to learn about crypto, join our Discord channel and be kept up to date with the latest investment research, breaking news and content, Crypto community happenings around the world!


After exploring various third-party companies, we hired Trail of Bits to perform a security review of C.R.E.A.M, given their expertise, reputation, and background knowledge of the Compound v2 code from auditing Compound.

From January 25 to January 27, 2021, Trail of Bits performed an assessment of the C.R.E.A.M. smart contracts with two engineers, working from commit ??2e83fc3? from CreamFi/compound-protocol?? as well as commit ?8c44071? from the ?cream-v2? branch of the same repository.

Trail of Bits focused solely on the changes that we introduced to our original fork of Compound’s codebase.

Here’s an overview of their findings:

  • Trail of Bits gave C.R.E.A.M.’s codebase satisfactory ratings across the following key categories:

Access controls, arithmetic, assembly use, contract fungibility, function composition, monitoring, testing, and verification.

  • Trail of Bits did not identify any issues related to front-running
  • C.R.E.A.M.’s codebase received a weak rating on centralization because C.R.E.A.M. uses our own oracle solution as a fallback for certain assets, and the Comptroller admin address is authorized to replace the oracle at any time.
  • C.R.E.A.M.’s codebase received a weak rating on specification because official documentation was very limited. Because we are a fork of Compound, most of this documentation exists there; however, we need to do a better job of clearly documenting the differences.

We are taking Trail of Bits’ suggestions into strong consideration. C.R.E.A.M. v1 is now using decentralized oracle services across 81% on Ethereum and 94% on Binance Smart Chain. C.R.E.A.M. v2 Iron Bank has integrated decentralized oracle services across 77% of our markets. We are working toward 100% coverage by decentralized oracles. Specifically, we are focused on moving all oracles in C.R.E.A.M. Finance to decentralized options such as Chainlink and Band Protocol.

More details of the audit report are available on our GitHub and Trail of Bits’ GitHub.

If you have any ideas to help us build the most value lending protocol in DeFi, you can join us on Discord, follow us on Twitter, or visit us at cream.finance.

C.R.E.A.M. DAO
Crypto Rules Everything Around Me, C.R.E.A.M.

Leave a Reply

Your email address will not be published. Required fields are marked *

More from GCR

Greg d’Incelli - Scenius and the FTX impact on allocator appetite - Global Coin Research

Featured GCR Announcement GCR Exclusive Podcast

Greg d’Incelli – Scenius and ...

Gregory d’Incelli is the co-founder of Scenius Capital. Scenius is a digital assets and blockchain technology investment firm focused on providing sophisticated investors curated access ...

An Overview of Music NFTs - Global Coin Research

NFT

An Overview of Music NFTs

Introduction NFT or a non-fungible token is a unique digital asset on the blockchain that can be bought or sold. TheNFT movement has spread to ...

Insights

Writing NFTs As The New ...

The more I search for new perspectives on specific topics for my essays, the more I realize the difficulty of finding hidden gems and quality ...