Belaying the Fuji climbing

Edgar Moreau
Published in Fuji Finance
Jan 19, 2022

Since the beginning at FujiDAO, we’ve considered security as fundamental to our long-term development. On receiving our funding back in March, we scheduled audits with some of the major security companies in the ecosystem.

It can be difficult for new projects to book audits, given the large expense and the long waitlists for a slot with these major companies. However, because the supply of audits has not kept up with the rapid growth happening in DeFi, some companies are innovating in the security field by providing services beyond the classic “one-time” audit.

During the period between scheduling the audits and receiving the results, we had to find other ways to ensure the safety of our contracts in order to launch our first product on Ethereum.

How we started

After we scheduled the audits back in March, we remained proactive on the security side and did not wait for the final results to work on the protocol’s safety.

Before anything else, our core team’s development experience ensured a high baseline of security. The common bugs and hacks are well known in the space, and they’re avoidable without external support.

However, this experience alone is not enough to find the most novel threats.
Over the past few years, some Ethereum developers have specialized in the security field and started to support projects building on the Ethereum Virtual Machine.

That’s the path we chose at first, relying on the external support of more experienced developers working on different projects. They reviewed our contracts not only to find potential threats but also to find ways to make our architecture more efficient.

Becoming more autonomous

After this first conclusive experience, we decided to continue prospecting on the security side. We met Securing, a security company experienced in auditing Web2 applications and traditional finance. Their lead times were shorter, so we started working with them, and they became good partners.

What we found interesting in their approach is that, aside from providing one-time audits, they also invited us to participate in a threat modeling session. The objective of this course was to teach us the method and process to look for potential threats by ourselves.

🐟 “If you give a man a fish, you feed him for a day. If you teach a man to fish, you feed him for a lifetime.”🎣

Giving us the fish is good, but teaching us how to catch the fish by ourselves increases our autonomy and lets us find potential exploits along the road while improving the overall team experience in that field.

Final results

It’s been almost a year since FujiDAO started and we’re now proud to publicly release our audit reports. It’s another step in the journey, the required step to innovate while ensuring our code is safe and bulletproof when handling our users’ funds.

No main threats were detected in these audits, and after some back and forth between our teams, some minor elements in our architecture were improved.

➡️ Trail of Bits audit

➡️ Securing audit

Another audit is scheduled with Consensys Diligence later in 2022.

Conclusion

DeFi is growing and attracting new people, gathering billions of dollars in value locked. The security domain needs to keep up and innovate to ensure the safety of more and more protocols.

We recommend that every DeFi team not neglect this part of the equation. It might slow your project and be expensive in the short term, but this effort will considerably support your growth and reputation over the long run.

Keep in mind that an audit isn’t a full guarantee against hacks and bugs. Since contracts are written and inspected by humans, there can be errors, and malicious attackers can find new ways of exploiting smart contracts.

New users should consider doing their own research before using any DeFi protocol. Don’t trust teams or contracts blindly, but rely on experts to verify the audits of a specific project.

🗻 About us

FujiDAO is a borrowing aggregator optimizing your costs in DeFi by automatically refinancing your loans across different markets. The app is already live on Ethereum and Fantom and we invite you to learn more in our docs.

➡️ FujiDAO

🩴 Now is the best time to join the hike, and we’re pleased to invite you on Discord to keep up to date with our upcoming news!
