Rob Behnke
March 28th, 2024
Coinbase Asset Management (CBAM) is an independently operating subsidiary of Coinbase, a leading cryptocurrency exchange and financial services platform. CBAM offers a range of services tailored to the specific needs of institutional investors seeking to invest in digital assets. One of CBAM's innovative initiatives is Project Diamond, a Decentralized Finance (DeFi) platform designed to bring Web3 financial infrastructure to institutions.
Project Diamond is a smart contract platform that will ultimately enable KYC'd institutional users outside the United States to create digitally native financial instruments, as well as manage lifecycles end-to-end. Built for Ethereum Virtual Machine (EVM)-compatible infrastructure, it has deployed across several Ethereum mainnet and Layer 2 (“L2”) testnets, and has executed its first live transaction on a BASE Layer 2 deployment under the supervision of ADGM in their RegLab sandbox, where the platform will be developed and tested over the next couple years.
Project Diamond enters the DeFi space with compliance as a fundamental feature of the platform as well as security, which is of paramount importance and requires a rigorous assessment of the platform's functionality and smart contracts.
In order to fortify the platform’s security posture, Halborn and Coinbase Asset Management collaborated in three assessments—Backend Penetration Testing, Frontend Penetration Testing, and Smart Contract Auditing. These types of engagement aim at preventing all kinds of threats: from unauthorized access, to potential capital and vault manipulations, all the way up to overloads or other attacks on the system.
After a fruitful engagement focused on a particular debt instrument, the application's overall security was effectively fortified in both frontend and backend environments, as well as in smart contract functionality. Halborn’s team was able to pinpoint granular improvements on the platform’s components and Project Diamond’s team promptly addressed every potential threat or issue found.
CBAM’s engagement with Halborn was a valuable step in ensuring the security of Project Diamond. The expertise of Halborn's team, coupled with their professionalism, organization, and efficiency, enabled a smooth and thorough assessment.
It's not only a firm of great hackers - it’s folks that really know how to attack a system and to communicate about the philosophy behind it with learnings that can be gained by going through that process with that rapid iteration and the communication. - Shaun Martinak, Researcher, Portfolio Manager, CBAM
Likewise, the Project Diamond engineering team was an excellent partner in the audit process, engaging in real time to address findings and seek advice on other system improvements. Close alignment and an iterative process between the audit and product engineering teams leads to stronger, more resilient systems.
Halborn’s security assessment provided Coinbase Asset Management with confidence in the security of their DeFi platform. The partnership with Halborn not only validated their commitment to security but also equipped them with a secure foundation to eventually offer institutional users the power of Web3 financial infrastructure through Project Diamond.
Halborn is more than pleased with the result of this engagement and continues its pursuit to make the blockchain-powered future a safe reality.