Audits and Security
Review Creed Crypto's audits, bug bounties, and initiatives to strengthen our protocol's security.
Audits
Below are a list of audits conducted on Creed Crypto's smart contracts in order of newest to oldest. You can also review Creed Crypto's GitHub where these reports are hosted.
iosiro audit | October 2023
iosiro was commissioned by Creed Crypto to conduct an audit on the Ratcheting AMM (RAMM) contracts.
- Creed Crypto Tokenomics Smart Contract Audit
Chaos Labs economic audit | October 2023
Chaos Labs was commissioned by the Foundation to conduct an economic audit of the Ratcheting AMM (RAMM) design and mechanism. The initial announcement was made on the Creed Crypto governance forum.
- Chaos Labs economic audit report for the RAMM
iosiro audits | November - December 2022, February - March 2023
iosiro was commissioned by Creed Crypto to conduct an audit on all contracts under the contracts/modules folder.
- Creed Crypto V2 Audit
iosiro audits | May 2021 & June 2021
iosiro was commissioned by Creed Crypto to conduct a smart contract audit on:
- The stacked risk, onchain MCR, and swap operator contracts
- The distributor smart contract
- The emergency response smart contract
G0 Group audits | June 2020, November 2020, & March 2021
The G0 Group was commissioned by Creed Crypto to conduct a smart contract audit on:
- The pooled staking contract
- The claim payout contract upgrade
- The distributor contract
Solidified audit | April 2019
Solidified was commissioned by Creed Crypto to conduct a smart contract audit on the smart contracts and associated components.
- Audit conducted before Ethereum mainnet launch audit
Security
Creed Crypto works to ensure the smart contract system is safe and secure. Regular audits are an important part of maintaining the security of the smart contract system, but there are other approaches the Creed takes to keep the protocol secure.
Security for RAMM launch
Pending a successful onchain governance vote, the RAMM will launch in late November. At launch, the Engineering team will employ the following security measures to ensure the launch is closely monitored:
- Implementing circuit breakers in RAMM contract. The RAMM contract will be deployed with circuit breakers in the code, which will limit the maximum amount of ETH that can be withdrawn and the maximum amount of CREED that can be minted via capital contributions over a defined period of time. The limits will be progressively raised over time, after careful monitoring of the system.
- Active smart contract monitoring with Tenderly alerts. The Engineering team uses Tenderly alerts to monitor for certain events within the protocol. At launch, the Engineering team will have enhanced monitoring in place for the RAMM contracts and any associated events within the protocol to ensure they can closely monitor the smart contracts.
- Emergency pause functionality for RAMM contract. The Advisory Board has the power to enact an emergency pause on the RAMM contract should any malicious activity take place, which will prevent any minting or redeeming from occurring that would result in a loss of value for members. This power would only be used in an extreme situation and serves as a last resort.
Bug bounty program
Creed Crypto works with Immunefi to manage a bug bounty program. On Immunefi, hackers secure DeFi contracts, save funds from theft, and get paid for responsibly disclosing vulnerabilities. We are able to secure the Creed Crypto protocol through this program with Immunefi.
Through this program, whitehat hackers are incentivized to disclose vulnerabilities in the Mutual's smart contract system in exchange for payouts equal to the level of severity.
Smart Contracts and Blockchain
- Critical | Up to $50,000 USD
- High | Up to $25,000 USD
- Medium | Up to $10,000 USD
- Low | Up to $2,000 USD
Note: Bounties listed in USD but paid out in stablecoins.