Security of Syrup
June 23, 2024

Introduction

The Syrup Protocol is a layer built on top of Maple Finance, leveraging the same underlying smart contract infrastructure that has facilitated over $4B in loans to institutional borrowers. To create a compliant protocol accessible to a wider user base, excluding geo-blocked regions, Maple introduced a new global permissioning system (more information in this blog post). By leveraging this new permissioning system, users who meet our requirements can interact with the Syrup Protocol. This same system enables permission-less transfers, which, for the first time, allows the 4626 pool tokens to be used across DeFi.

Security First Development Lifecycle

The Maple Labs team that developed the Maple and Syrup smart contracts places the highest emphasis on security. While audits (of which there are numerous) are important, we believe developing a secure protocol requires a security-first mindset to be embedded and enacted at every stage of the development lifecycle. Our development lifecycle includes:

Pre-Build

  • Gathering product requirements
  • Technical design discussions
  • Threat modelling

Build

  • Unit tests
  • Integration tests
  • Fuzzing tests and campaigns
  • Invariant tests
  • Formal verification (when applicable)
  • Internal audits
  • Red team exercises (attempting to break the code)

Pre-Deployment

  • External audits with top firms
  • Incident response plans
  • Simulated deployments

Post-Deployment / Operations

  • Informational monitoring
  • Critical monitoring (ensuring invariants hold)
  • Bug bounty programs

The Maple-Core V2 protocol has undergone 7+ audits, all of which can be found here. These audits have been completed by top-tier firms like Spearbit/Cantina, Three Sigma, and 0xMacro. Additionally, the Syrup Protocol’s main contract, the Syrup Router, has undergone an audit by Three Sigma, which can be found here.

The Maple-Core V2 protocol also has extensive testing, with thousands of tests across all the submodules and the main mono-repository that integrates the protocol. Furthermore, with the use of Tenderly Web3 actions, we monitor the protocol invariants at every block, which would trigger our incident response plans in the event of a failure.


Conclusion

Syrup has a well-established security posture, built on top of Maple’s extensively tested and audited codebase. This has enable Maple to secure over $4B in loans and over $10B in value over the protocol’s lifetime.

We're excited to offer reliable and innovative smart contract infrastructure to the wider DeFi community.

Tags:
Syrup
What to read next
Financials
12
·
Sep
·
2024
Syrup Integrates Binance Web3 Wallet
Financials
28
·
Aug
·
2024
SYRUP Token Launch, Staking, and Conversion of MPL to SYRUP
Financials
22
·
Aug
·
2024
Q2 2024 Treasury Report
Financials
12
·
Sep
·
2024
Syrup Integrates Binance Web3 Wallet
Financials
28
·
Aug
·
2024
SYRUP Token Launch, Staking, and Conversion of MPL to SYRUP
Financials
22
·
Aug
·
2024
Q2 2024 Treasury Report
Disclaimer
Maple is a technology services provider. Use of the Maple Protocol involves risks, including but not limited to the potential loss of digital assets. Before using the Maple Protocol, you should review our documentation to ensure you understand how the Protocol works. As described in our Terms, the Maple Protocol is provided on an “as is” and “as available” basis, at your own risk. We explicitly disclaim any representation or warranties of any kind relating to the Protocol, and no developer or entity will be liable for claims or damages of any kind associated with use or inability to use the Protocol.
Copyright @ Maple Finance 2024