The Ones in the Arena: Brahma
Today’s blog focuses on Brahma, whose current mission is to secure Console. Console is their project’s innovative answer to the need for a range of DeFi execution capabilities within a self-custodial environment. As part of this mission, they recently launched an audit with Code4rena.
We got to chat with 0xAd1, Brahma’s Solidity Lead, and Alessandro Tenconi, Brahma’s Co-Founder, to talk more about Console, the work it’s taken to get to this stage, and what they’re looking for from Wardens in this audit. Read on to get all the alpha.
What are you building, and what sets it apart in the space?
Brahma is assembling Console, a streamlined DeFi execution environment designed for Funds, DAOs, and DeFi power users specifically. What sets Console apart in this space is its curation atop Safe’s wallet custody infrastructure, with intuitive automation workflows, advanced execution capabilities, and transparent access control. Console simplifies the creation of siloed sub-accounts and execution environments, enabling the separation of ownership and delegation rights for large-scale teams.
One distinctive feature that differentiates Console is its unwavering commitment to improving DeFi execution UX, risk segregation, and overall accessibility with things like transaction batching, gas abstraction, and automated transaction management. With funds securely held in users’ custody and ownership, they can always access their Safe Wallet from https://safe.global, ensuring uninterrupted access and ultimate autonomy over funds. This empowers users with unparalleled control over their DeFi positions, making Console a unique solution in the DeFi management landscape.
What’s your vision for your project? What are you building towards in the longer view?
At its core, Brahma’s mission is to abstract the complexities associated with DeFi operations.
Console represents the quintessential need for a range of professional DeFi execution capabilities power-packed within a self-custodial environment, with superior focus on access control and security. Console, as an execution environment, is designed to cater to the needs of Asset Managers, DAOs, and advanced users who aim to deploy their strategies and perform their DeFi workflows with maximum control and execution tooling built for elaborate portfolios and enabling risk management at scale, all while retaining complete control of their assets.
We see Console evolving into an end-to-end DeFi custody and execution environment that simplifies, safeguards, and empowers capital disbursement while enabling accessibility and ownership within the ecosystem.
What’s been the biggest challenge throughout the entire process?
Custody and execution are both extremely complex solutions to solve. Thanks to Safe, we are able to rely on the most battle-tested smart contract wallet infrastructure for custody, while focusing on the required tooling to improve efficiency and execution in DeFi. Building Console on top of Safe infrastructure, while also building our services to aid in execution has been a long process, with a special focus on security, while retaining flexibility for user configuration.
Leveraging smart contract features intuitive to wallets like Safe, Console is building to ensure users always have a secure interaction experience with the underlying dApp while accelerating UX. Console is optimized to reduce overall honey pot risk while solving for position management and smart risk segregation as a key part of the execution infrastructure.
Optionality and security are always hard to balance, and we think we have hit the mark on how to make Console a first-class choice for professionals' custody and execution needs.
Talk more to us about Brahma Console. How does it work on a technical level?
Users onboard to Console by connecting an EOA (externally owned account) with wallets like Metamask or Rabby. Users can alternatively create or import a new Safe linked to their connected wallet. This Safe enables various operations directly from the Main Console, including sending, swapping, or connecting to dApps via Wallet Connect. Users can also establish multiple Sub-Accounts to manage risk segregation, with the ability to assign operators and security policies to each Sub-Account.
Console uses Safe Hooks and Safe Plugins to enforce on-chain fund governance and transaction policies. The Console Hook improves transaction security with on-chain and off-chain policy enforcement. Moreover, the Console Automation Plugin facilitates automated tasks for Sub-Accounts, allowing automation triggers and bots to operate within Console.
For more details, please refer to Brahma Docs.
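To make the Sub-Account policy idea above concrete, here is an added illustration of how a Safe transaction guard can bind delegated operators to an on-chain policy (allowed targets, a value cap, and no delegatecall). This is hypothetical example code, not Brahma's Console Hook or any Safe contract; the `checkTransaction`/`checkAfterExecution` signature follows Safe's Guard interface, while `SubAccountPolicyGuard`, its storage and the policy rules are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Mirrors Safe's Enum.Operation so this file compiles stand-alone.
enum Operation { Call, DelegateCall }

// Safe's Guard interface; a Safe with a guard set calls checkTransaction
// before execTransaction runs and checkAfterExecution afterwards.
interface ISafeGuard {
    function checkTransaction(
        address to, uint256 value, bytes calldata data, Operation operation,
        uint256 safeTxGas, uint256 baseGas, uint256 gasPrice, address gasToken,
        address payable refundReceiver, bytes calldata signatures, address msgSender
    ) external;
    function checkAfterExecution(bytes32 txHash, bool success) external;
}

// Hypothetical policy guard for a Sub-Account (constructed example, not Console code).
contract SubAccountPolicyGuard is ISafeGuard {
    address public immutable owner;            // the parent (Main Console) authority
    mapping(address => bool) public operators; // delegated executors for this Sub-Account
    mapping(address => bool) public allowedTargets;
    uint256 public valueCap;                   // max ETH value an operator may send per tx

    constructor(address _owner, uint256 _valueCap) { owner = _owner; valueCap = _valueCap; }

    modifier onlyOwner() { require(msg.sender == owner, "policy: not owner"); _; }

    function setOperator(address op, bool ok) external onlyOwner { operators[op] = ok; }
    function setTarget(address t, bool ok) external onlyOwner { allowedTargets[t] = ok; }

    function checkTransaction(
        address to, uint256 value, bytes calldata, Operation operation,
        uint256, uint256, uint256, address, address payable, bytes calldata, address msgSender
    ) external view override {
        // The owner keeps full authority; everyone else is a policy-bound operator.
        if (msgSender == owner) return;
        require(operators[msgSender], "policy: unknown operator");
        // A delegatecall runs foreign code in the Safe's own storage context and
        // would bypass every other check, so operators never get it.
        require(operation == Operation.Call, "policy: delegatecall forbidden");
        require(allowedTargets[to], "policy: target not allowed");
        require(value <= valueCap, "policy: value over cap");
    }

    function checkAfterExecution(bytes32, bool) external override {}
}
```

Because the guard only restricts operators and lets the owner through unchanged, the Safe's underlying ownership and recovery path stays intact, which is the property the text describes for funds held in the user's own Safe.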
What role do you see Brahma Console playing in shaping security within the wider web3 ecosystem?
For one, the team at Brahma is fostering the usage, progress, and security practices in account abstraction and smart contract-based custody and execution systems. The majority of the services we are building for Console are new, and we are therefore working with multiple security providers to dive deeper into Safe and smart contract wallet tooling security.
What prompted you to engage with Code4rena?
Primarily, we are happy to host an audit with Code4rena given the expert-led range of highly skilled solo auditors and participants.
Furthermore, we are happy to work within a transparent and collaborative audit environment that not only takes charge of comprehensive analysis but also aids in remediating vulnerabilities and maintains an open line of communication with the development team.
What’s the main focus of this particular audit with Code4rena? Are there any areas you’d like auditors to hone in on?
We strongly advise all participating auditors to perform a comprehensive analysis of access control-related concerns, including potential delegatecall and proxy issues.
Please ensure your investigation delves deeply into these areas to pinpoint conceivable vulnerabilities and loopholes.
What technical tips would you give to an auditor looking to participate in your audit?
Having a solid grasp of Safe wallet architecture and expertise in crafting access control systems would be beneficial throughout the course of the audit.
Overview specs can be found within shared docs under the architecture tab.
—
About Brahma
Brahma is a non-custodial protocol that optimizes DeFi execution and provides tools for comprehensive asset management.
Website | Twitter | Discord | Docs | Github
About Code4rena
The leading web3 security marketplace.
Website | Twitter | Discord | Medium | Docs
Brahma’s audit with Code4rena began on October 13th, 2023, and runs until October 20th, 2023. More details here.
The Ones in the Arena spotlights emerging and established DeFi projects and their founders, with an eye to celebrating and learning from them. The series’ name is inspired in part by Teddy Roosevelt’s famous quote, which has a central place in Code4rena’s philosophy.