Our mission
Plainshift is a full-stack security firm built on the “shift left” security philosophy. We often work with teams early in the product development process to bring security to a greater organizational range than just smart contracts. From the web app, to fuzzing/formal verification, to a team’s operational security, full-stack security can only be achieved by first understanding there is no “scope” to protect the users that trust you.
We’re here to meaningfully revolutionize how teams approach security and guide them towards a holistic approach rather than the single-sided approach so prevalent today.
Prior Ekubo Starknet audit info
We recently concluded the audit for Ekubo’s core contracts, TWAMM, limit orders extension and oracle extension on Starknet.
From Moody’s quick responses to our questions to a variety of edge cases already handled in the codebase, the Ekubo team’s focus on security was evident throughout our review.
In order to make sure no discussion regarding potential attack vectors was overlooked throughout our audit, we set up dedicated communication channels for each potential lead found. In total, Plainshift drafted ~30 potential leads to validate.
We set up a custom testing suite to verify some leads with PoCs, and the Ekubo team was always available to clarify doubts/confirm feasibility of reported issues. Ultimately, we confirmed 3 medium and 4 low severity issues.
Proposal
With the temporary Ekubo alpha release on the L1, a thorough audit of the Solidity contracts is critical. Plainshift has a deeply rooted history in Solidity, with our members having found bugs for the Ethereum Foundation, Arbitrum, Rocket Pool, Frax Finance and other high-profile projects in the space.
Timeline
Plainshift proposes a 3-week audit of the Ekubo Solidity contracts from February 24th, 2025 to March 17th, 2025.
Experience
To maintain full transparency and confidence within the community, we’ve shown the individual experience of the auditors assigned to this review below so you know the project you believe in is in safe hands.
All of these projects are AMMs/Uni V3 forks, including one project using inline assembly (given its use in the Ekubo Solidity codebase), tailored toward the security needs for this audit:
Project | Description |
---|---|
Camelot/Algebra CLMM | Received bug bounty for critical TVL drain vulnerability |
Algebra CLMM | Conducted solo security audit |
Biswap | Received bug bounty for critical TVL drain vulnerability (no public writeup) |
Ramses Exchange | First place in audit contest |
Solady | Security audit (inline assembly) |