Secureum CARE-X
Spearbit Porter kick-off
2022/3/24
CARE: Pre-audit to review code
- Look for security pitfalls
- Prepare a report
- Rajeev compiles a report with all findings and shares with protocol / auditor
Spearbit
- Spearbit is building a security auditor DAO
- Three levels of researchers
  - Lead security researchers
  - Security researchers
  - Apprentices (Secureum X ppl)
Spearbit team
- Hari Mulackal
- Jake Lang
- Spencer Macdonald
Porter team
- Namaskar (Kyle) - Head of smart contracts
- Bookland (Russell) - CTO
Porter
- Building DeFi bonds for DAOs
- 3 benefits:
  - Able to use native tokens as collateral
  - Able to borrow at fixed interest rate
  - No liquidations
- Users:
  - Earn a fixed interest rate
  - Convertibility - can convert native token to stablecoin at fixed rate
Scope of CARE-X
- Repo: porter-finance/v1-core
- Uses gnosis/ido-contracts
- Bookland will create a branch for Secureum auditors to use
- Uses OpenZeppelin cloneable
- Uses OpenZeppelin access control. Roles:
- Focus on math (especially rounding)
- Porter Finance Docs
- No upgradeability built into protocol except for modifying mint and withdraw role
- No oracles
Tooling
- Used Slither and did static analysis
- Went through security review checklist
- Have not used a fuzzer