After Rigorous Security Testing, Clipper DEX is Set to Sail!
We take security seriously, and as Clipper’s beta launch date approaches, we want to run through everything we’ve done to ensure that our users and their funds are fully protected. Clipper has gone through rigorous testing, conducted a bug bounty with ImmuneFi, and been audited by Quantstamp and Solidified — in addition to being prefunded with $1M of liquidity during our alpha launch as potential exploit bait for hackers.
Unit Tests and Development Process
Smart contract development is different from agile web development in that once the code is deployed, it can’t be changed. Therefore, smart contract development and deployment requires more diligence in order to mitigate against the risk of bugs and security vulnerabilities.
For instance, unit tests are often used to ensure code doesn’t have any logical inconsistencies. Typical unit test coverage in an agile development context (e.g. SaaS or ecommerce) might be 10%, focused on the most critical functions of the code (e.g. checkout, payment, etc.). By contrast, unit test coverage during smart contract development is substantially higher. In fact, our GitHub logs indicate that nearly two thirds of the entire Clipper codebase consists of JavaScript tests, as opposed to Solidity source code. We’ve dedicated an entire team resource to writing these tests, and they were critical in surfacing several bugs that led to system-wide improvements, so we are glad we invested so much time writing them.
Quantstamp and Solidified Audits
Although Clipper’s code has gone through countless rounds of internal review, we wanted an extra pair of eyes to check for oversights. To that end, we hired two well-known auditors, Quantstamp and Solidified, to perform in-depth audits on our codebase. Both teams are composed of experienced, independent security researchers who have spent a substantial amount of time and focus reviewing every line of code for potential flaws. While their third-party audits did not uncover any major flaws, their findings helped us rethink and reimplement several architectural choices. We’re grateful for their thoughtful analysis and have made their reports public here.
Please note that there are several differences between the code that was audited and the code that was deployed, as a result of feedback from independent developers (e.g. the bug bounty) following the audits. The deployed code is currently under re-audit and we expect to publish updated versions of both audits shortly.
ImmuneFi Bug Bounty
No matter how much effort one puts into ensuring the integrity of one’s code, it is always possible that a flaw gets through. In the context of a DEX, a vulnerability could be especially catastrophic since it could result in loss of LP funds. We don’t need to look back far in history to find numerous examples of DeFi projects that have been exploited by hackers and drained of tens, if not hundreds, of millions of dollars. We want Clipper users to be as confident in our DEX design as possible, so we’ve partnered with Immunefi to run a Bug Bounty, with upwards of $100,000 rewarded to anyone who finds a critical bug. In order to draw as many constructively critical eyes on our code as possible, our bug bounty bonus was recently extended a week beyond its initial two week period. Fortunately, no critical vulnerabilities were found. While the bonus period is now over, the bounty will continue with rewards up to $50,000, so we still encourage anyone to review our code and collect a reward.
Test Launch With Potential Exploit Bait
At the end of the day, the only true test of security for Clipper is a real-world launch with actual funds, so as a final step we published Clipper’s contracts to our mainnet and funded $1M of liquidity to see what would happen. This alpha launch took place on June 29th, and over the past two weeks, the pool has not been exploited. In fact, it’s earned money as a result of early trades! At this point, we feel confident that Clipper is ready for its maiden voyage.
Security Postmortem
In truth, security is a never-ending process, and the only way to ensure that Clipper users are protected is to continuously pressure-test our design without taking anything for granted. To that end, our bug bounty will remain open indefinitely and we will continue to evaluate emerging trends in DeFi security and propose changes to Clipper’s code if required. However, we are confident in our security protocols and the results of the third-party audits to date, and are thrilled to be launching Clipper into the public arena. Clipper is officially seaworthy, and it’s time to set sail!