# Secureum CARE-X Spearbit Porter kick-off

## 2022/3/24

CARE: Pre-audit to review code

- Look for security pitfalls
- Prepare a report
- Rajeev compiles a report with all findings and shares with protocol / auditor

Spearbit

- Spearbit is building a security auditor DAO
- Three levels of researchers
    1. Lead security researchers
    2. Security researchers
    3. Apprentices (Secureum X ppl)

Spearbit team

- Hari Mulackal
- Jake Lang
- Spencer Macdonald

Porter team

- Namaskar (Kyle) - Head of smart contracts
- Bookland (Russell) - CTO

Porter

- Building DeFi bonds for DAOs
- 3 benefits:
    1. Able to use native tokens as collateral
    2. Able to borrow at fixed interest rate
    3. No liquidations
- Users:
    1. Earn a fixed interest rate
    2. Convertibility - can convert native token to stable coin at fixed rate

Scope of CARE-X

- Repo: [porter-finance/v1-core](https://github.com/porter-finance/v1-core)
- Uses [gnosis/ido-contracts](https://github.com/gnosis/ido-contracts)
- Bookland will create a branch for Secureum auditors to use
- Uses OpenZeppelin cloneable
- Uses OpenZeppelin access control. Roles:
    - Admin
    - Withdraw
    - Mint
- Focus on math (especially rounding)
- [Porter Finance Docs](https://docs.porter.finance/portal/)
- No upgradeability built into protocol except for modifying mint and withdraw role
- No oracles

Tooling

- Used Slither and did static analysis
- Went through security review checklist
- Have not used a fuzzer