Security
How we mitigate risks
Last updated
How we mitigate risks
Last updated
The DeFunds platform has its global whitelist of permitted ERC20 tokens for each supported network. This list restricts the trading capabilities of the manager, but provides the user with the assurance that tokens with a bad reputation or low liquidity will not be purchased by manager, using their funds. On another hand, whitelist prevents DeFunds to launch unwanted into unwanted ERC20 token. For user convenience, this list has been categorized into several groups to simplify the quick addition of tokens when creating a fund, such as Top50 Capitalization, Top Blockchains, etc.
DeFunds reserves the right to edit the content of the global whitelist.
Every fund has its own list of allowed ERC20 tokens, that manager is able to operate with. This limit is implemented in the Trade contract. Actually this list is a subset of the global DeFunds whitelist. Manager needs to decide in advance, which tokens he wants to trade, by selecting a list when creating the fund. This list is public and visible for all investors, since it can impact investors' strategy.
Updating the list of allowed tokens is available only through the
DeFunds
Optimism: , , , , , , , , , , ,
BSC: , , , , , , , , , , , , , , , , , , ,
Arbitrum: , , , , , , , , , , , , , , , , , , , , ,
DeFunds is integrated with different services on different networks:
BSC -
Arbitrum - ,
Optimism - ,
Only the fund owner is able to update its allowed tokens or services. The algorithm is as follows:
The fund owner submits a request for an update
After one week delay, he is given the opportunity to confirm the update
The request can also be canceled by manager
The delay limit is implemented on-chain in the TradeParamsUpdater contract. All investors are being notified about the update in advance, a week before the update. It is needed to make a withdrawal request, if updates in the fund's settings are not satisfiable for them. Confirming the update by manager is not allowed while there are unprocessed withdrawals in this fund.
Our smart contracts are using the Proxy pattern, so they are upgradable, and it allows us to update the logic and integrate with new services. However, we cannot update contracts suddenly. Any changes to the platform's logic occur through user notification, and require a delay to be applied after. Upgrader contract handles this logic. Changes in contracts follow a similar logic to updating fund's settings:
One of our contributors submits a request to use a new contract implementation
All users are informed of the upcoming update. In case of unwanted changes, investors have the option to submit withdrawal requests from the funds, as well as managers can just close their funds
Indent period is disabled, if update date is closer than planned report
After a one week period, an unplanned report is triggered for all funds
The platform starts using the updated set of contracts
The update request can be canceled by contributors
Confirmation of the update is not possible until the 1-week period has expired or if there are unprocessed withdrawal requests in any fund. This ensures the absence of unpredictable changes to the smart contract, which are the core of the system.
Manager needs to decide in advance, which services to work with, by selecting a list when creating the fund. Every fund has its own list of allowed services, it is visible for all investors. Trade contract limits the fund's use of external services based on this list. Allowed services can be updated by the
Unplanned happens after one week delay
period is disabled, if update date is closer than planned report date
To prevent counter-party risks and risks of compromisation all global changes such as and fees configurations are governed by multisig wallets.