DeFiSafety is completing the activities for our recent grant with the exciting name “Improved Chain Technical Risk Checklist for New Market proposals”. In it, we have proposed improvements on the CIP-5 checklist proposed by OpenZeppelin and filled out checklists for a number of chains being considered for Comet deployment.
We feel these checklists provide significant value for Compound. Deploying Comet to a chain is a big decision that is difficult to back out of. Our filled out checklists provide a detailed, complete and independent assessment of the chain. The community can quickly understand the results. Our checklists are superior to checklists filled out by the applicant (based on existing examples), which are not independent and rarely complete.
In this forum post we summarize the results of our activities and welcome comments from the community.
About DeFiSafety
DeFiSafety has been doing security reports on DeFi protocols and chains for four years, so the scope of this grant came naturally to us. In addition, a year ago we did a similar grant for Compound evaluating the technical risks on tokens. The results are here. Our experience doing these many technical reports gives us a good perspective for this grant's content, which we hope will add value to the Compound community.
Scope of the Grant
In this grant we have three tasks.
- We take the CIP-5 checklist developed by OpenZeppelin and propose improvements on it, based on our experience.
- We use this improved checklist and fill out an example checklist for review by the community.
- Finally, we complete four other chains, bringing the total to five.
Results of Our Activities
For the first milestone, improvements on the CIP-5 checklist, we delivered on 29 April. The results were added to the Compound forum entry for the CIP-5 checklist. The deliverable is here.
Our suggestions were:
- Add a summary paragraph at the top of the checklist for people who don’t want to read the whole document
- We perform a DeFiSafety chain review and provide a summary and add it to the risk assessment section
- Add an access controls section discussing the transparency of the access controls for the deployed code
- Add a section on dev responsiveness.
For the second milestone we delivered a filled in checklist for Linea which we added to the Linea forum post on 29 April asking for comments.
For the third milestone, we filled out the checklists for Blast Network and zkSync.
For the fourth and final milestone we filled out the checklists for Mode Network and Celo (the L1 as the L2 has not deployed yet).
This grant was approved on 19 March 2004. We delivered our first and second milestones on 29 April. With this forum post (May 30) we deliver the third and fourth milestones. Total grant duration is about 3 months (as expected). Support for @cylon has been excellent and timely throughout.
Personal Comment of the Results
Looking at the checklist results, there is the same variety in new chains as there is in new DeFi protocols.
Linea and zkSync show strong technical teams developing new software and building infrastructure they expect to last. However, these are both ongoing development programs with the risks of new and changing software on the blockchain.
For Blast and Mode Network you have chains that do the bare minimum from a technical perspective, appear to have thin technical teams, and their focus is on building their tokens and their community to help grow everyone’s tokens. They show a short-term perspective. Yet their code is built on Optimism, a very strong base. In neither case are the software changes from the Optimism baseline defined clearly. This adds an amount of technical risk to each, though I think Base requires more software changes. Mode Network may have been able to deploy their chain with Optimism virtually unchanged.
The Celo checklist is solid. No complaints there.