There are many risks involved when interacting with DeFi protocols. We outline the predominant risks and how we try to mitigate them.
As we experienced firsthand with Terra, a blockchain can be technically or economically exploited.
As Avalanche is the home of the DAO, it would be disastrous if the Avalanche blockchain broke or stopped working indefinitely.
When researching which blockchain to relaunch on, we carefully reviewed all options based on their security aspects.
We chose Avalanche because:
- Kept working correctly during stress tests at the end of 2021
- High TVL and home to a multitude of DeFi protocols
- Part of many cross-chain bridges
- Bright team and lots of technical innovations
All of the above makes us confident that Avalanche is here to stay and won't go down the same road as Terra. Furthermore, we plan to introduce an "emergency exit" from Avalanche, which would move all funds and state to a new chain in case of a black swan event on Avalanche.
The strategies of Brotocol build upon other existing protocols. If a protocol we use gets exploited or the team runs away with the money, this has a direct impact on the performance of a brokkr strategy.
- Careful risk assessment of all used protocols, which includes but is not limited to:
  - Team assessment
  - Smart contract quality
  - Economic risks
  - Future outlook of the project
- Constant monitoring of governance proposals and team token movements
- "Emergency exit" of a strategy baked into the portfolio. In case a protocol is exploited or we observe a malicious governance proposal, we will immediately move out of a strategy into stablecoins.
The combination of those factors makes it extremely unlikely that any Brotocol user will lose money because of a malfunctioning protocol.
Furthermore, all risk ratings are public in this GitBook, and we might open a public channel on Discord with all pending governance proposals. That way the community can help monitor and alert the core team. Read more about how risk ratings are determined here.
Faulty code could allow attackers to steal funds, or make Brotocol unusable. Famous examples can be found on the rekt leaderboard.
- Brokkr team consists of top-notch smart contract developers
- Contracts are public
- We work together with reputable auditors like Halborn
- We use state-of-the-art auditing tools like Slither or MythX
- Clean and straightforward code
- Favor simplicity over flashiness
- Extensive documentation
While it's impossible to guarantee the absence of bugs, our high-quality approach to security makes us confident that our smart contracts are safe to use.
While the code of a multisig wallet can be totally fine, an attacker could still target members of the brotocol multisig via other channels. Discord, Telegram, malware on a laptop and more can be used to gain control of a multisig member.
All multisig wallet members:
- use hardware wallets
- are spread all over the world
- double check any multisig proposal
- communicate over multiple communication channels
- use advanced 2FA methods for any online services
- keep their systems up to date
- use sandbox environments to separate multisig resources from other work resources
While an attacker with enough resources might be able to gain ownership of a single multisig member, we are confident that we do everything right in order to prevent a complete multisig takeover.
If nobody believes in brokkr and its mission anymore, the token price will plummet. This in turn means that the team doesn't have any further resources from the operational reserve. Not having any further funding means that brokkr development might stop after the funds raised during the IDO are all used.
In order to keep trust in brokkr and its mission high, we did and keep doing the following:
- Constantly shipped a product that works
- Kept our promises regarding our roadmap
- Staking -> reward believers and lock up liquidity that can't be sold on the market
- Treasury bootstrapping -> make sure the treasury has funds to grow the treasury and redistribute to token holders
- Provide novel solutions both on UI and smart contract level instead of being a copy-cat
- Distribute fees generated by Brotocol to token holders
- see a potential risk for the DAO which isn't mentioned here
- found a smart contract bug
- see an issue with the underlying chain or used protocols
- something else that could prevent the success of brokkr and its community