Curvance Approach to Security: Security-First By Design
This article provides an introduction to Curvance’s security-first approach and gives an insight into how we are leveraging our security framework to limit external risk.
In the ever-evolving crypto landscape, security is paramount.
According to Chainalysis 2024 Crypto Crime Trends, while illicit activity is declining (as reflected in the chart below), attacks against DeFi protocols are becoming increasingly complex, especially now that the crypto landscape is fundamentally multichain — opening up more attack vectors.
Curvance aims to be the main multichain money market for yield-bearing on-chain. While cross-chain operations introduce additional complexity, Curvance adopts a security-first approach to safeguard its users and manage external risk.
In particular, the protocol was built from the ground up to limit common attack vectors experienced by similar primitives, especially flash loans, and by extension, re-entrancy attacks.
Furthermore, the Curvance code stack will be open-sourced as a public good and a virtuous example, as one of the most audited, tested, and reviewed codebases across DeFi protocols.
But first, what are we protecting ourselves against?
Curvance Protocol Risks
As with any DeFi protocol, Curvance faces several risks that users should be aware of.
- Smart Contract Risk: These are vulnerabilities in smart contracts that are heightened because Curvance is a very complex protocol, natively multichain via the Wormhole tech stack and built on top of protocols such as Pendle, or Convex. This complexity adds an extra layer of risk.
- Oracle Manipulation Risk: As Curvance relies on oracles to price assets, their manipulation represents a risk and possible vector of attack for the protocol.
- Liquidation Risk: Any user operating on Curvance is automatically exposed to liquidation risk, proportional to the asset borrowed. For this reason, users are required to manage their positions accordingly.
Security at Curvance
Being a multichain protocol requires additional security measures and all the vectors of attacks that it opens up as a result.
As part of our security framework, Curvance is introducing design elements to mitigate the risks mentioned above.
In particular, to mitigate Oracle Manipulation Risk and Liquidation Risk, Curvance is introducing a Dual Oracle System (using Chainlink, Pyth, API3, Redstone, and more). This makes price manipulation attacks cost-prohibitive as attackers would need to manipulate prices across two different Oracle feeds at the same rate and time.
In case of divergence between the oracles or larger-than-average moves, Curvance can pause borrowing in a market until the prices of the two converge again to avoid flash loan attacks and other potential attacks against the protocol
These two systems combined make up what is referred to as the Curvance Circuit Breaker System. Using two oracles will have no impact on the efficiency of our money market: the most favorable price to the protocol will always be used to calculate a price’s final price and maximize protection to stablecoin lenders.
Curvance also features a 20-minute “cooldown period” to reduce the risk of re-entrancy attacks requiring a minimum time to pass before users can close their positions.
Furthermore, to best secure its protocol from Smart Contract risks Curvance is partnering with industry leaders to conduct several audits, each focusing on a different element of its tech stack.
Let’s now explore how we work with some of the industry-leading security experts to secure the Curvance tech stack, complementing each other.
Trust Security
Trust Security is one of the most successful auditing firms in the Web3 space, with a team of top whitehat security researchers with extensive experience in the space and have found live bugs in protocols such as Chainlink. They have audited the likes of Blur, Rysk, Lyra, OlympusDAO, Lukso and more.
In particular, they have extensive experience with cross-chain systems, recognized by their experience with Optimism Bedrock public audit competition.
Trust Security serves as Curvance’s primary security partner for identifying and addressing general bugs and exploits within our codebase. This comprehensive review ensures the seamless integration of all components within our tech stack, making Trust Security the partner with whom we’ve dedicated the most time in reviewing our codebase over the past six months.
Trust Security’s reputation speaks for itself, as the auditing firm is regarded as one of the main “Wardens” on Code4rena and ImmuneFi in terms of bugs found and total winnings.
Y-Audit
We also work together with YearnFi’s Y-Audit Team, which has already collaborated with projects such as Rage Trade, TempleDAO, and of course on YearnFi.
Y-Audit is an auditing collective selected by the yAcademy training program, part of YearnFi. In particular, their model takes a decentralized approach to auditing, making it more collaborative and scalable.
With regard to Curvance, our collaboration with Y-Audit is mainly centered around numerical stress testing through stateless fuzzing.
Trail of Bits
We are working together with Trail of Bits to develop our stateful fuzzing suite on Curvance’s codebase.
Trail of Bits is trusted by some of the most established businesses, including clients such as Adobe, GitHub, Arbitrum and Facebook.
As our codebase is very complex, there are too many aspects to brute force and test manually. With Trail of Bits, Curvance is developing new test suites to conduct active penetration testing through “stateful fuzzing”. In practice, this consists of building a simulation machine, which can run millions or billions of action attempts (e.g. locking assets and trying to force unlocks, and so on) and simulations to stress the codebase.
This ensures that there are no vectors of attacks that are unknown to us, such as exploiting rounding issues.
Cantina
Last but not least, our team will conduct our Public Security Competition with Cantina. Cantina is a “decentralized marketplace for Web3 security” incubated by industry-leading smart contract security provider — Spearbit.
Through the competitive security review model, Curvance can leverage the large security network of leading security researchers and take a wide-net approach to code security that activates every available node from Cantina’s vast security researcher network.
Due to the depth of the Curvance codebase, we are hosting the largest scoped public audit competition in partnership with Cantina. This competition will be judged by top security experts, including Trust Security, who have a strong familiarity with the codebase.
Cantina as a security partner is aligned with the vision and direction that Curvance is pursuing in regards to innovation within money markets. Cantina believes that Curvance has taken a very strong approach to security in stacking/layering security reviews from different firms as well as conducting a final public security competition to even further evaluate the remaining attack surfaces. This approach is in line with many leading protocols within the Web3 ecosystem and provides users of the platform with the confidence they need to leverage Curvance for any of their DeFi needs.
Spearbit also affirms that Curvance is taking the correct approach towards the security of their protocols as outlined in their Security Readiness Roadmap shown below:
When evaluating the security posture and approach that Curvance has taken, the Spearbit and Cantina team have stated the following:
Conclusion
Curvance was built from the ground up with security in mind to limit common attack vectors for money markets. As a testament to our commitment to security, our technology will be open-sourced as a public good to help the industry better safeguard billions of dollars of user funds.
Curvance auditors include:
We expect Curvance to be one of the most highly audited, tested and reviewed codebases of any DeFi protocol.
For many, auditing a protocol seems to be a simple process from the outside.
However, this is not a one-size-fits-all process, where the protocol design and components have a fundamental impact on the security risks and auditing profile of a protocol and have to be assessed accordingly.
In addition to this, Curvance will be deploying one of the most complex codebases ever in terms of size and functionalities. Lending protocols already face many risks, which are amplified when dealing at a cross-chain level.
Our multi-level security framework reflects the scale of risk of operating a multichain money market and our commitment to make Curvance’s approach a virtuous example among DeFi protocols.
As part of our plan, we are focusing on working with top security experts to reduce the vulnerabilities of our codebase, contributing to the creation of more complex simulations to push the boundaries of codebase penetration testing, as well as reducing third-party dependencies to the bare minimum.
For this reason, we are proud to work with the top firms in the industry who help us make our protocol secure and allow our users to operate on Curvance effortlessly and without worrying about their funds.
As part of this ongoing effort, Curvance is also committed to risk management and security readiness through continued testing and bug bounty programs.
