The Watch is Creed's archive of comprehensive insights and discoveries from our work securing protocols throughout web3's greater ecosystem. This collection of reports from our audits is presented here for further exploration, education and enlightenment on how we can all collaborate to foster universal progress and develop stronger security methods that serve us all. This first report is about our work with the crosschain clearing and settlement protocol, Everclear.
Everclear is a crosschain clearing and settlement protocol that solves liquidity fragmentation for blockchains and digital assets. It is the new foundation of the chain abstraction stack, integrating with intent protocols, solver networks, modular blockchains, and dapps to enable the most efficient transaction settlement at the best possible price. The protocol allows fillers to socialize rebalancing costs by netting settlements against other network participants, dramatically improving capital efficiency.
When Everclear partnered with Creed in 2024, they needed a full-service security partner that could continuously improve protocol resilience, not just provide one-time code reviews and disappear: "Before Creed, protocol upgrades were our most stressful times," Najdana Majors recalls. "Now, they're almost routine. Our developers focus on building because they know Creed's team ensures they don't compromise security."
Blockchain protocols like Everclear face unique security challenges due to the high stakes involved with digital assets.
Expanded Attack Surface: Each new integration increases attack surface
Multi-Chain Complexity: Vulnerabilities stemming from nuances in how specific chains implement smart contracts (even different EVM behavior) and from the complexity of bridging and messaging
Trust Assumptions: Building a resilient system while managing the trust of third-party providers
Creed assembled a dedicated Security Task Force with senior security researchers ("Paladins") who are alumni of respected blockchain firms and projects like Consensys Diligence, EtherFi, and Puffer Finance to implement a continuous security model. The team provides five core services to ensure the security and integrity of the Everclear system:
Security Code Reviews: Expert security code review by Senior Security Auditors of all new code before deployment to find and mitigate any bugs and vulnerabilities
Transaction Proposal Reviews: Verifying multisig and DAO transactions
Smart Contract Upgrade Assessments: Pre-deployment and post-deployment validation
Comprehensive Security Assessments: In-depth analysis of Everclear’s existing security posture, infrastructure, and policies
Governance Council Leadership: Security-focused guidance in protocol governance, including reviewing transactions, ensuring all transactions meet security standards, and creating security policy and standard checklists for key holders
This comprehensive approach maintains a security-first mindset throughout Everclear's development cycle. The Security Task Force actively participates in protocol upgrade discussions and DAO governance to ensure security considerations are prioritized at every stage.
Creed's code review of Everclear's Chimera and Diablo releases uncovered two major and five medium severity findings in critical areas:
Accounting and liquidity allocation
Denial of Service attacks
Cross-chain race conditions
Misconfigurations threatening system integrity
"What impressed us most wasn't just that Creed found these vulnerabilities—it was how they approached remediation," says Najdana Majors. "They worked alongside our team to implement mitigations that maintained functionality while improving security."
Creed implemented a transaction review framework for all multisig and DAO proposals, including security checklists, parameter validation, and pre-execution simulation.
Since implementation, the DAO has executed all transactions with confidence and peace of mind.
Creed established a security-first approach to smart contract upgrades:
Pre-deployment reviews identify security considerations
Post-deployment verification ensures proper implementation
"Before Creed, protocol upgrades were our most stressful times," Najdana Majors recalls. "Now, they're almost routine. Our developers focus on building because they know Creed's team ensures they don't compromise security."
As a result of their partnership with Creed, the Everclear team learned:
Continuous vs. One-Time Security: Traditional audit models cannot address the dynamic security needs of actively developed protocols
Invest in Long-Term Partnerships: Forming a lasting partnership with a security team makes it easier to call on trusted experts when you need them
Security-First Culture: The most effective security programs transform organizational culture to have a security-first mindset
If your protocol is facing the same evolving security landscape that challenged Everclear, join forces with Creed. Email info@thecreed.xyz or visit thecreed.xyz to learn how our Security Task Force can become your protocol's greatest defensive asset.
Connect with Creed on X @CreedDao and on Farcaster @thecreedxyz, and head over to our headquarters to learn more about becoming a trusted Paladin today.

