Increment's Newsletter


Identifying Security Pitfalls and Smart Contract Best Practices

Increment joins the Secureum CARE program

Increment Team
Mar 28

CARE stands for "Comprehensive Audit Readiness Evaluation." CARE is not a replacement for a security audit; it is intended to happen before an audit so that protocol code is ready for future audit(s) and gets a better security outcome from the process. The program reviews protocol code mainly for common security pitfalls and best practices related to smart contracts written in Solidity, specifically for the Ethereum blockchain or associated Layer-2 protocols. The pitfalls and best practices are evaluated from (but not limited to) Secureum’s Security Pitfalls & Best Practices 101 and 201.

CARE aims to help identify such common pitfalls and best practices so that they can be fixed before audits. This improves the protocol's risk posture earlier in the design and development lifecycle and enables future audit(s) to focus more on deeper/harder application-specific and economic vulnerabilities. CARE helps smart contract security "shift left," which is widely regarded as significantly improving security posture and outcome. The review is performed by "CAREtakers," who include a Secureum representative (with a proven track record of smart contract security expertise/experience) along with invited participants who are top-performing members of the Secureum community and aspiring smart contract security experts.

In terms of the timeline, we anticipate the code review to progress as follows:

  • March 31st: Begin

  • April 7th: Draft Report

  • April 14th: Final Report

The Increment protocol is building global exchange rate products on zkSync 2.0 to unleash the power of DeFi for citizens around the world. In our V1, the protocol utilizes pooled virtual assets and Curve V2’s CryptoSwap AMM as the trading engine to enable multi-currency perpetual swaps. We believe that the Secureum CARE program will provide a comprehensive pre-audit review of our codebase, further optimizing the audit-readiness of our protocol before we proceed with official audits from PeckShield and Trail of Bits in the coming months.

For further reference, please find the previous CARE program reports here.


Increment is a distributed, algorithmic exchange rate protocol building on zkSync 2.0, empowering open finance for non-USD participants in DeFi.

To learn more, visit our Docs
For the latest updates and news, follow us on Twitter
Join the community on Discord.

© 2022 Increment