Trail of Bits Completes Audit of C.R.E.A.M. v1, v2 Iron Bank

C.R.E.A.M., published in C.R.E.A.M. Finance, Mar 10, 2021

After exploring various third-party companies, we hired Trail of Bits to perform a security review of C.R.E.A.M., given their expertise, reputation, and background knowledge of the Compound v2 code from auditing Compound.

From January 25 to January 27, 2021, Trail of Bits performed an assessment of the C.R.E.A.M. smart contracts with two engineers, working from commit 2e83fc3 from CreamFi/compound-protocol as well as commit 8c44071 from the cream-v2 branch of the same repository.

Trail of Bits focused solely on the changes that we introduced to our original fork of Compound’s codebase.

Here’s an overview of their findings:

  • Trail of Bits gave C.R.E.A.M.’s codebase satisfactory ratings across the following key categories: access controls, arithmetic, assembly use, contract fungibility, function composition, monitoring, testing, and verification.
  • Trail of Bits did not identify any issues related to front-running.
  • C.R.E.A.M.’s codebase received a weak rating on centralization because C.R.E.A.M. uses our own oracle solution as a fallback for certain assets, and the Comptroller admin address is authorized to replace the oracle at any time.
  • C.R.E.A.M.’s codebase received a weak rating on specification because official documentation was very limited. Because we are a fork of Compound, most of this documentation exists there; however, we need to do a better job of clearly documenting the differences.

We are taking Trail of Bits’ suggestions into strong consideration. C.R.E.A.M. v1 is now using decentralized oracle services across 81% on Ethereum and 94% on Binance Smart Chain. C.R.E.A.M. v2 Iron Bank has integrated decentralized oracle services across 77% of our markets. We are working toward 100% coverage by decentralized oracles. Specifically, we are focused on moving all oracles in C.R.E.A.M. Finance to decentralized options such as Chainlink and Band Protocol.

More details of the audit report are available on our GitHub and Trail of Bits’ GitHub.

If you have any ideas to help us build the most valuable lending protocol in DeFi, you can join us on Discord, follow us on Twitter, or visit us at cream.finance.

C.R.E.A.M. DAO
Crypto Rules Everything Around Me, C.R.E.A.M.
