Increment’s Blog

Identifying Security Pitfalls and Smart Contract Best Practices

CARE stands for “Comprehensive Audit Readiness Evaluation.” CARE is not a replacement for a security audit; it is intended to happen before an audit so that the protocol code is ready for future audit(s) and the process yields a better security outcome. The program reviews protocol code mainly for common security pitfalls and best practices related to smart contracts written in Solidity, specifically for the Ethereum blockchain or associated Layer-2 protocols. The pitfalls and best practices are drawn from (but not limited to) Secureum’s Security Pitfalls & Best Practices 101 and 201.

CARE aims to help identify such common pitfalls and best practices so that they can be fixed before audits. This improves the protocol’s risk posture earlier in the design and development lifecycle and enables future audit(s) to focus more on deeper/harder application-specific and economic vulnerabilities. CARE helps smart contract security “shift left,” which is widely regarded as significantly improving security posture and outcome. The review is performed by “CAREtakers,” who include a Secureum representative (with a proven track record of smart contract security expertise and experience) along with invited participants who are top-performing members of the Secureum community and aspiring smart contract security experts.

In terms of the timeline, we anticipate the code review to progress as follows:

  • April 7th: Draft Report
  • April 14th: Final Report

The Increment protocol is building global exchange rate products on zkSync 2.0 to unleash the power of DeFi for citizens around the world. In our V1, the protocol utilizes pooled virtual assets and Curve V2’s CryptoSwap AMM as the trading engine to enable multi-currency perpetual swaps. We believe that the Secureum CARE program will provide a comprehensive pre-audit review of our codebase, further optimizing the audit-readiness of our protocol before we proceed with official audits from PeckShield and Trail of Bits in the coming months.

For further reference, please find the previous CARE program reports here.

Increment is a decentralized, algorithmic perpetual swaps protocol building on zkSync 2.0, featuring automatically concentrated liquidity, dynamic fees and parametrizable pools.

To learn more, visit our Docs
For the latest updates and news, follow us on Twitter
Join the community on Discord.

Originally published at https://increment.substack.com on March 28, 2022.
