The primary goal was to develop a systematic approach for evaluating the risks associated with stablecoin pools, which Outline Investment was considering for potential investment opportunities.

Basic information

Project type: Investment Company

Service: Security consultation

Results: Our team successfully devised a user-friendly framework designed to scrutinize the risks inherent in stablecoin pools and staking contracts. This evaluation process categorizes each entity based on critical factors such as verifiability, security, economic stability, transparency, and governance, ensuring a comprehensive risk assessment for the client.

About Outline Investment

The client, an investment firm, sought a method to evaluate the risk associated with prospective DeFi investments they aimed to pursue.

They focused on pools and staking contracts utilizing stablecoins, aiming to mitigate the uncertainties associated with smart contracts.

Visit website: https://www.outlineinvestment.io

About the service scope

The project aimed to develop an economical and technical methodology for thoroughly evaluating various pools and similar investment opportunities.

Conducting a comprehensive security review for each pool was impractical due to significant costs and extensive time requirements. The client sought an optimal balance between the duration of the analysis and the effectiveness of the assessment outcomes, without any compromise on security. High quality was crucial for the client, as they manage entrusted funds and take safety very seriously.

To address the client's need for clarity on the methodology, we provided training along with resources that the client could revisit for a refresher on the implemented checks and procedures.

The results

The consultation culminated in the creation of a structured methodology, encapsulated in a spreadsheet. This tool organized checks into distinct categories: Verifiability, Security, LP Token, GitHub, Health, and Governance. Each check was accompanied by a detailed description, potential responses, and their respective risk implications.

The Composable Security team undertook a thorough analysis of the client's selected pools, meticulously populating the spreadsheet with relevant data.

The Composable Security team provided comprehensive training to elucidate the rationale behind each check within the methodology and demonstrate how to obtain the necessary information accurately for selected checks. The educational experience was enriched with instructional videos detailing these checks, which were provided to the client for future reference.

Post-training, both the Composable Security team and the client independently applied the methodology to complete the checklist for various pools and staking contracts. This exercise culminated in a comparative analysis of the results, where discrepancies were addressed and resolved, ensuring the client was proficient in utilizing the methodology for future assessments.

Composable Security 🛡️⛓️ is a small team with a holistic approach that goes beyond the code. A combination of expertise in Solidity smart contract security and experience gained through 6+ years of securing global fintechs and Polish banks helps us comprehensively take care of DApp security. Creators of the Smart Contract Security Verification Standard and the first Security Guide for DApps CTOs, Lead Developers, and Security Enthusiasts.

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

About the author

PhD, Speaker, Co-Author of SCSVS and White Hat. Professionally dealing with security since 2009, contributing to the crypto space since 2017. Smart contract security research lead.
