Identifying Security Pitfalls and Smart Contract Best Practices
Increment joins the Secureum CARE program
CARE stands for "Comprehensive Audit Readiness Evaluation." CARE is not a replacement for a security audit, but is intended to happen before an audit so that protocol code becomes ready for future audit(s) to get a better security outcome from the process. The program reviews protocol code mainly for common security pitfalls and best-practices as related to smart contracts written in Solidity specifically for Ethereum blockchain or associated Layer-2 protocols. The pitfalls & best-practices are evaluated from (but not limited to) Secureum’s Security Pitfalls & Best Practices 101 and 201.
CARE aims to help identify such common pitfalls & best-practices so that they can be fixed before audits. This improves protocol's risk posture earlier in the design & development lifecycle and enables future audit(s) to focus more on deeper/harder application-specific and economic vulnerabilities. CARE helps smart contract security "shift-left" which is widely regarded as significantly improving security posture and outcome. The review is performed by "CAREtakers" which includes a Secureum representative (who has a proven track-record of smart contract security expertise/experience) along with invited participants who are top-performing members of the Secureum community and aspiring smart contract security experts.
In terms of the timeline, we anticipate the code review to progress as follows:
March 31st: Begin
April 7th: Draft Report
April 14th: Final Report
The Increment protocol is building global exchange rate products on zkSync 2.0 to unleash the power of DeFi for citizens around the world. In our V1, the protocol utilizes pooled virtual assets and Curve V2’s CryptoSwap AMM as the trading engine to enable multi-currency perpetual swaps. We believe that the Secureum CARE program will provide a comprehensive pre-audit review of our codebase, further optimizing the audit-readiness of our protocol before we proceed with official audits from Peckshield and Trail of Bits in the coming months.
For further reference, please find the previous CARE program reports here.
Increment is a decentralized, algorithmic perpetual swaps protocol building on zkSync 2.0, featuring automatically concentrated liquidity, dynamic fees and parametrizable pools.