πŸ‘¨β€πŸ’»Technical Risks

Mitigate technical risks with this analysis.

Key Risks

Smart contract exploits/failure

Smart contract code that runs on a public blockchain is subject to exploits and other technical failures. These can lead to stolen user funds or funds becoming unavailable.

Because code deployed on a public blockchain is open source, anyone in the world can read a protocol’s source code. This means that attackers from around the world can review a protocol’s code and hunt for exploits. Further, with billions of dollars deposited into these protocols, the incentive to find an exploit and steal funds from the protocol is extremely high.

Recent examples: Cream Finance, Solana Wormhole

Oracle failure

Oracles are a mechanism in crypto to provide live data streams to a smart contract system. Oracles are used in DeFi lending markets to calculate the value of assets used as collateral, in derivatives, and in various other DeFi protocols.

However, oracles are a single point of failure in the DeFi protocol stack: most DeFi protocols use a single oracle as their source of truth for live price data. In the case of oracle manipulation or errors in the oracle data feed, the protocol would take actions it is not supposed to take, e.g. a lending protocol would liquidate user funds because a wrong oracle price makes it believe the collateral dropped in value. Since many DeFi protocols rely on the same oracles, this also implies systemic risk.

Recent examples: Compound

Frontrunning/MEV

Frontrunning is the practice of anticipating the arrival of a market order and placing an order ahead of it to profit from the price change that order causes. MEV describes the value that miners and arbitrageurs can extract from a transaction by controlling its ordering.

Every interaction with a smart contract on a public blockchain can be subject to frontrunning and MEV exploits.

Risk Analysis

Item              Weighting (Total of 20)
Insurance         8
Audits            6
Code Review       2
System Analysis   2
Track Record      2

Insurance

An insurance policy can protect against hacks, exploits, and other technical failures. Insurance available from one of our whitelisted insurers gives 8 points. No insurance results in 0 points.

Audits

Audits are a certificate of quality and code safety. There are 7 reputable audit companies in the space: ConsenSys, Quantstamp, Trail of Bits, OpenZeppelin, CertiK, Chainsulting, and PeckShield.

We give 2 points per audit from one of the above companies, up to 6 points in total.

Code Review

We do an in-house qualitative review of a blockchain protocol’s code, worth up to 2 points, to verify the protocol’s code quality and design.

System Analysis

We do an in-house review of the technical components of a protocol and determine the external risks surrounding it, e.g. risks arising from flawed system design or from interaction with other protocols.

In addition, we evaluate how prone transactions would be to frontrunning/MEV and whether there are measures, such as private mining pools, that we can take to prevent this from happening.

In total, we give out up to 2 points based on our proprietary system analysis.

Track Record

The longer a protocol exists without suffering an exploit, the more robust we can consider it, since attackers have had more time to find one. We calculate a protocol’s track record in years starting from the last time it had an exploit or network issue and then give 0.5 points for every year the protocol has existed without any issues.
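The rubric above, applied end to end as an added example (not the page's or its authors' own tooling): it scores a constructed protocol profile against the weighting table. The per-item caps come from that table, the auditor whitelist from the Audits section; the assumption that the 0.5-points-per-year track record is capped at its 2-point weighting, and the names in the sample profile, are mine.

```python
from dataclasses import dataclass
from datetime import date

# Audit firms the page lists as reputable; lowercased for matching.
REPUTABLE_AUDITORS = {
    "consensys", "quantstamp", "trail of bits", "openzeppelin",
    "certik", "chainsulting", "peckshield",
}

# Maximum points per item, taken from the weighting table (total 20).
MAX_POINTS = {"insurance": 8, "audits": 6, "code_review": 2,
              "system_analysis": 2, "track_record": 2}


@dataclass
class ProtocolProfile:
    name: str
    whitelisted_insurance: bool    # covered by one of the whitelisted insurers?
    auditors: list                 # firms that audited the code (any spelling/case)
    code_review_points: float      # in-house qualitative review result, 0..2
    system_analysis_points: float  # in-house system analysis result, 0..2
    last_incident: date            # last exploit/network issue (or launch date)
    as_of: date                    # date of this evaluation


def score_technical_risk(p: ProtocolProfile) -> dict:
    """Return per-item points and the total (max 20) under the page's rubric."""
    points = {}
    points["insurance"] = MAX_POINTS["insurance"] if p.whitelisted_insurance else 0
    # 2 points per audit by a reputable firm, capped at 6; a firm counts once.
    reputable = {a.strip().lower() for a in p.auditors} & REPUTABLE_AUDITORS
    points["audits"] = min(2 * len(reputable), MAX_POINTS["audits"])
    points["code_review"] = min(max(p.code_review_points, 0), MAX_POINTS["code_review"])
    points["system_analysis"] = min(max(p.system_analysis_points, 0),
                                    MAX_POINTS["system_analysis"])
    # 0.5 points per full incident-free year; cap at the table weighting (assumption).
    years = (p.as_of - p.last_incident).days // 365
    points["track_record"] = min(0.5 * years, MAX_POINTS["track_record"])
    points["total"] = sum(points.values())
    return points


def example() -> dict:
    # Constructed sample profile, not a real protocol.
    profile = ProtocolProfile(
        name="ExampleLend (constructed)", whitelisted_insurance=True,
        auditors=["Trail of Bits", "OpenZeppelin", "openzeppelin", "UnknownAuditCo"],
        code_review_points=2, system_analysis_points=1,
        last_incident=date(2019, 3, 1), as_of=date(2022, 4, 1),
    )
    return score_technical_risk(profile)  # total 16.5
```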
