It’s important to reiterate that nothing is completely secure with current Smart Contract codes on any Dapp. However, as the technology grows, research and development are ongoing to strive towards 100% security.
Security is the key point for a vault, especially for a farming yield protocol. Without standard and high-grade protection, users’ funds are exposed to smart contract risks and possibilities of complete loss of investment. In the latest medium post by Autofarm, a project that prides itself as the yield optimizer within the Binance Smart Chain network reported the discovery of an edge case within its Venus vaults. This vulnerability could have resulted in a catastrophic loss of its user’s funds. Since then the vaults have been repaired and all funds are safe.
What is AutoFarm Network?
Autofarm has rapidly risen to the leading yield optimizer on the BSC with over $1 billion in TVL. Autofarm is a yield farming aggregator running on both Binance Smart Chain (BSC) and Huobi Eco Chain (Heco). The decentralized application (dapp) is designed to optimize Decentralized Finance (De-Fi) users’ yield as they interact with other dapps in the De-Fi space. The project has two active products optimized for users; Autofarm Vaults and a Dex Swap engine.
Autofarm yield optimizer vault provides users with auto-compounded yields at practical optimum intervals while pooling gas fees through battle-tested Smart Contract code and best-in-class yield optimizing methods. It uses a proprietary dynamic harvesting optimizer to enable the highest Annual Percentage Yield (APY) on its vaults.
On the other hand, its Swap Dex platform has yet to begin operation. It has been described by the Autofarm team as the best Dex aggregator incoming. The swap Dex will be built to get users the best price from their Dex trades, splitting their transactions across multiple Dexes. This ensures the best price and the lowest slippage possible. Ultimately optimizing trades in such a way it does not become front-runnable and arbitrageable.
Taking Out an Impending Doom
While yield farming can be an incredible way of making money in the DeFi space, it does not come without risks. Autofarm reported in its latest medium post about a vulnerability found when engaged in their routine checks. The team discovered an edge case within its Venus vaults that could have caused some issues if the vaults strategies were paused and restarted. The team did not tell the problems, but a further investigation shows such issues would have impacted users’ funds significantly if they had not been discovered and corrected in real-time.
What does this mean? The likelihood of users’ funds getting locked forever in the Venus vault, a nightmare that could quickly become a reality if the strategies were not corrected. The team is quickly working on an update for the new Venus vaults. Although pausing of vaults has never occurred, and according to Autofarm, will never occur within its vaults, it raises many concerns about current Smart Contract code security with yield protocols.
Smart Contract Code Security
We give it to the Autofarm team for its timely checks and proactive response to a danger that could mean enormous losses for its users. But, a recent study suggests that code exploitation is still on the rise, especially since the increasing number of users on the Binance Smart Chain (BSC) network.
There seems to be frequent coordinated attacks on Smart Contracts, general carelessness, or exploits out of developers’ control. Nothing is 100% perfect with a Smart Contract, like in this famous case of Harvest Finance Hacks. Other incidences of rug-pulls and hacks have been reported here.
A close study of the Autofarm risk page also suggests that the project has taken an active stance to mitigate Smart Contract breach risk by equipping all Smart Contracts with 24hr time-locks (except $AUTO reward multiplier at 12-hrs). CertiK has had many reputable audits from Anchain.AI, Vidar, and the respected code auditor Certik is currently auditing all Autofarm Smart Contract code as reported.
It’s important to reiterate that nothing is 100% secured with the current Smart Contract codes in operation on any Dapp. However, as the technology grows, research and development are ongoing to strive towards 100% security. This is so desperately needed within Smart Contract Systems and Decentralized Finance applications. Until then, such risks can be averted with proactive teams actively checking on the Smart Contract codes and mitigating the risks as fast as possible.
Autofarm has announced that it will be pushing out a new venus update in the coming days; users’ funds are safe as it still retains its strong commitment to code and security reviews. This update will be alongside the audit CertiK is currently performing.
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.