Minterest Safety and Security: The foundational role of audits in a next-gen protocol
For DeFi to fulfill its promise and powerfully contribute to the financial world’s mainstream it must deliver absolute reliability over time. That means total security in everything from liquidity provision to third party integrations.
Security gets delivered in numerous ways, but it starts with rock solid smart contracting architecture designed with a minimum of external contact points to prevent exploit potential. In almost all cases, the KISS principles applies; Keep It Simple Stupid. A lack of inter-relationships between protocol assets is also essential, as it reduces vectors for economic attacks.
Security also relies on token markets maintaining deep liquidity over time, because low liquidity in specific pools is a factor in almost all economic attacks. A lending protocol, like any financial application, must de-risk such events well in advance as changing circumstances warrant. Waiting till later is simply never an option.
Rigorous, independent security audits are fundamental and confirm a secure, high-quality code base. That is why Minterest has undergone four of such audits even before launching. A relentless ongoing security audit schedule is also part of Minterest’s operational future.
An effective bug bounty program brings it all together. It allows a community of blockchain savvy developers to ongoingly contribute to the protocol’s security and the value and importance of such a program cannot be overstated.
Security Audits
To date Minterest has completed four security audits by leading firms.
- Trail of bits (see report here).
- Hacken (see report here).
- Peckshield (see report here).
- Zokyo (see report here).
As is normal, all issues identified were addressed during the process.
Security audits are vital in identifying external threats and provide recommendations to address them. Essentially, when it comes to network security there can never be too many eye-balls. Security audits also apply industry standards and are important in reassuring users such safety and security standards have been met, which is key to trust.
What were the results of the security audits?
Trail of Bits (Q1 2022): identified one critical issue which was immediately addressed, as well as other non-critical items which were addressed in the later version audit report.
Hacken (Q2 2022): scored Minterest a 10 out of 10 for both documentation and architecture quality.
PeckShield (Q2 2022): found no vulnerabilities of critical or high severity levels, stating “The current code base is well structured and neatly organized. Those identified issues are promptly confirmed and addressed.”
Zokyo (Q4 2022): scored Minterest 93/100, confirming its qualification for listing on exchanges, with 98% testable code exceeding industry standard 95% and total contract security being high.
Bug Bounty Program
Minterest’s upcoming bug bounty program will incentivise and reward individuals who contribute to Minterest’s security. If you’re interested in the bug bounty a summary is at the end of this article.
What else?
Minterest also builds on the following:
- In house security team.
- 24/7 monitoring – automated and on-call.
- Treasury security with multi-sig hardware wallets.
- Crisis planning with scenario processes and mitigation plans.
- Security protocol for the physical safety of the wallet holders.
- On-chain attack prevention measures (Withdrawals; Multisig; Governance manipulation).
- Off-chain attack prevention measures (Compromising private keys; Getting access to data).
Undertaking a fourth independent audit demonstrates Minterest’s commitment to security with high scores from all auditors providing external insight into Minterest’s professional and measured approach to protocol security.
Yield Gets Real with Minterest – and that starts with rock-solid protocol safety.
09, December 2022