02 - Trail of Bits, Sep 2020

Trail of Bits performed an assessment of the DeFiner protocol. We sought to answer various questions about the security and correctness of the DeFiner protocol, specifically:

● Could an attacker make the protocol calculate balances incorrectly?

● Can an attacker withdraw tokens that do not belong to them?

● Can a malicious user break any features intended to incentivize certain behaviors?

● Could an administrator seriously impact protocol functionality?

● Do features function as intended? Of the findings reported, one would allow a malicious user to prevent a liquidator from claiming any collateral. Another would allow a user to borrow tokens exceeding the LTV of their locked collateral. Several issues would have caused corruption of the protocol’s internal accounting and permitted users to withdraw more tokens than the protocol actually possesses.