Centrifuge's serial audits: 6 security reviews that reshaped RWA architecture | Jeroen Offerijns
The Web3 Security Podcast
1 hour 5 minutes
3 weeks ago
Maker's core accounting contract—the vat—has remained immutable for six years while processing tens of billions in TVL. Centrifuge is proving this isn't legacy thinking; it's the only approach that survives institutional custody requirements where protocol upgrades introduce unacceptable counterparty risk.
Jeroen Offerijns, CTO of Centrifuge, explains why their $750M TVL RWA protocol runs 6-7 serial audits rather than parallel reviews on a final commit hash. The goal isn't redundant coverage—it's forcing architectural iteration between audits. Low-severity findings don't get dismissed; they trigger contract redesigns before issues compound. This matters when tokenizing Apollo's private credit or S&P 500 funds, where a single exploit permanently destroys institutional trust.
The technical implementation diverges from standard DeFi patterns at every layer. Centrifuge co-authored ERC-7540 with competitor Maple Finance because RWA settlement requires multi-day cycles for off-chain broker execution and NAV updates—atomic swaps don't exist here. Their cross-chain security uses multiple bridge providers simultaneously; vulnerability requires compromising all providers. Invariant testing with Echidna and Medusa surfaces chained rounding manipulations that exceed human auditors' ability to reason through state permutations across multi-step transactions.
Topics discussed:
Serial audit methodology: using findings to force architectural iteration rather than validating final code
Maker's immutable core pattern: isolating accounting logic in never-upgraded contracts with modular extensions
ERC-7540 co-authorship with Maple Finance: standardizing asynchronous operations for multi-day RWA settlement
Multi-bridge redundancy: requiring simultaneous compromise of all interoperability providers
Invariant testing with Echidna/Medusa via Recon: catching chained exploit patterns beyond human reasoning
Low-severity findings as architectural signals: redesigning contracts before issues compound
AI auditing integration: per-commit security validation reallocating human auditors to protocol-specific vectors
DRWA architecture: separating regulated fund custody from permissionless yield token access
Centrifuge V3.1 as freely immutable infrastructure: enabling third-party RWA protocols to avoid rebuilding primitives
Rejecting upgradeable proxies: modular contract design for institutional custody requirements