Security & Risks

Security & Risks

In the space of crypto, especially in the Decentralised Finance (DeFi) space, users have to understand the risks of projects and smart contracts before venturing into DeFi. We call this DYOR (do your own research).

As part of Autofarm's long-term commitment to security and building trust within the community, we have laid out the ways in which we attempt to mitigate risks and provide a seamless Autofarm experience that users can trust. Details can be found in the medium article over here.

General DeFi Risks

DeFi risks encapsulate a wide range of risks such as impermanent loss to risks of falling for scams such as wallet draining, private key being stolen, et cetera. Hence, DeFi users have to be careful themselves and learn to educate themselves constantly in this space. You can find a guide to keeping your funds SAFU here.

Smart Contract Security & Risks

Smart contracts are an innovative way for cryptocurrencies to interact with one another and with dApps (decentralised applications). However, due to the complexities that come with smart contracts, certain smart contracts may be prone to hacks. We've mitigated this risk by equipping all smart contracts with 24hr time-locks (except $AUTO rewards multiplier at 12hrs) and having reputable auditors audit the entire project.

Audit reports

Autofarm users can also purchase insurance to safeguard against smart contract failure and potential exploits with Soteria. (Details on how to do so can be found here). In addition, Autofarm has also partnered with CertiK to implement CertiKShield as a safeguard against potential theft or lost funds. Lastly, Autofarm is pledging the 3% gas rebates which we will receive from the monthly Binance BUIDL Reward Program to set up an Autofarm SAFU fund to be used for reimbursements in the event of exploits or loss of funds.

Fun Fact: Most of our vaults are operated using only 1 contract (not creating new contracts for each vault), so new vaults are created using the same construction (but with different constructors; which are the parameters/inputs to the contract). Working according to this mechanism assures the following:

  • Vaults will be audited end-to-end

  • Shorten the time needed to implement new vaults

  • Focus on adding value other than the creation of smart contracts

3rd Party Risks

Autofarm serves as a yield aggregator by providing vaults that auto-compounds rewards. However, vaults do not indicate any partnership or support by Autofarm. We've mitigated this risk by splitting the vaults into 'regular vaults' and 'non-$AUTO earning vaults' based on the individual yield farm's reputability on the BSC space, of which 'non-$AUTO earning vaults' are considered riskier and specified on the platform by an explicit warning:

Warning for non-$AUTO earning vaults

Bug Bounty program

In partnering with Immunefi we have established a way for the community to help and improve on the general quality of used smart contracts.

Immunefi is the premier bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities, get paid, and make crypto safer. Immunefi removes security risk through bug bounties and comprehensive security services to help drive high-quality decentralized financial products to the public.

Find more details here on how to enrol in the bug bounty program and receive bounties.