Audit Progress Update
The Primary Lending Platform has undergone two audits by separate teams that are now complete, as well as one audit re-check that is also now complete. Mistakes have been spotted, fixed, and re-submitted for our auditors, CyberUnit and HashEx, to separately confirm that the updates and corrections are correct.
We have learned many things about our design through this process, uncovered opportunities, and fixed possible vulnerabilities. We also started another re-check a week ago, a point on which we’ll talk about briefly. This post aims to be a high-level walkthrough of what we’ve fixed, where we are, and what to expect.
What has been going on?
The primary audits by both HashEx and CyberUnit identified several items for our development teams to re-work. Upon finalizing this stage, the code was re-submitted for another round of checks. After a number of cycles, Fringe’s Primary Lending Platform is near to finalizing the quality control stage.
From the vulnerabilities and errors spotted on the first audit round, a majority of the found items were classified as informational only, low risk, or medium risk. There were a handful of high-risk rated items and a single critical rated item. One such high-rated item caused us to pull forward a few inter-related roadmap enhancements to improve stability and therefore required a material level of work aiming for maximum security.
In addition to audit items, the Fringe team has taken the opportunity also to introduce two new stability enhancements and one security enhancement. These include:
Stability enhancement #1: Refining the Maximum Borrow Limit for any single collateral asset.
This allows the platform to better control the amount of aggregate borrowing that can occur that is secured by a given collateral asset. The Fringe Finance platform forges new ground regarding allowing borrowing against smaller-cap altcoins and therefore has very specific engineering characteristics that enable this.
The Max Borrow Limit enhancement ensures borrowing only occurs up to the limit of the collateral asset that can readily be disposed of by liquidators in the event of adverse market conditions. Without this Max Borrow Limit in place, there are possible edge cases where liquidators may not be willing to perform a liquidation. This enhancement ensures the continued stability of the platform, protects lenders’ capital, and covers the platform as a whole.
Stability enhancement #2: Upgrading the liquidation mechanism to favor borrowers.
This refinement results in more control of the liquidation process to ensure borrowers retain as much excess collateral as possible after a liquidation event. Initially, this upgrade was considered a roadmap item to be implemented after our Mainnet release. However, it will now be a part of the platform from day one, with the rationale that it will increase the platform’s appeal for borrowers, enhancing the opportunity for adoption.
Wider adoption, it goes without saying, ultimately benefits $FRIN token holders because it results in a more scalable platform from which usage fees can be extracted. This, in turn, increases the opportunity for dividends to be paid to $FRIN governance token holders.
Security enhancement: Introducing time locks for proxy contracts.
We have introduced a time delay into the platform that comes into effect when re-assigning the proxy contracts’ operational contracts. A proxy contract is a contract that forever remains with a fixed address, but which’s smart contract logic is performed by an operational contract. This allows protocol upgrades to occur by deploying new operational contracts and updating the proxy contracts’ configuration to point to new operational contracts.
Introducing time delays allows any changes to the operational contracts to be known in advance, therefore allowing participants to withdraw their funds safely before a malicious operational contract commences operation. This avoids situations that we’ve seen in the past with DeFi projects where a malicious actor has re-assigned an operational contract with no time delay, allowing the attacker to drain funds immediately. Fringe already had controls in place to mitigate these risks (such as pausing withdrawal operations), but we consider this time delay a worthwhile security refinement.
Where are we?
As a result of audit re-checks, a few remaining items were identified for refinement, and the above enhancements are now being re-checked for a second time. We’re expecting our auditors to complete this second re-check shortly, and we will scrutinize the outcome. Should we be 100% positive that we’re clear of any possible vulnerabilities or errors, we should be able to move forward with the launch of the Primary Lending Platform.
It’s not without reason that we confidently express our feeling that we’re getting very close. However, the nature of these activities, particularly in the current context, does not allow us to declare fixed dates, and we’ll only release once we are fully satisfied. Still, it’s safe to say that we have entered a stage in which launch is imminent.
Fringe has always aimed towards being among the top platforms in the DeFi panorama when it comes to security. To fulfill this vision, we have engaged in the costly and time-consuming process of engaging not one but two top-tier auditors, setting strategies in place to ensure no shortcut was taken that could undermine security.
It’s been severely damaging to the DeFi ecosystem to have projects launching early with no proper security audits and practices in place. Repeatedly, we’ve seen successful names in the industry blow up and hurt their users’ pockets due to their impulse to launch fast. We’re going against this trend by making sure every component of our platform is up to the highest standard and is triple-checked, which we’re sure will pay off in the long run.
About Fringe Finance
Fringe Finance is a decentralized money market designed to unlock the capital spread in crypto assets regardless of their capitalization and supported network. With a next-generation DeFi lending & borrowing ecosystem, Fringe aims to unlock the dormant capital from traditional financial markets and all-tier cryptocurrencies.