⚠️Risks and Securities
BlueBit Finance has been built with safety and security in mind. However, be aware that investing in any DeFi project has risks. DeFi is relatively new and black swan events could occur that no one has predicted. Only invest what you can afford to lose and always do your own research (DYOR) before committing funds to any project.
All vaults and codes are experimental. Please use it at your own discretion.
The risks related to the protocol may potentially include but are not limited to:
Risk: Malicious developer activity (e.g. rull pulling, exit scams)
This is the risk that developers (or thieves who steal the development keys) could make changes in the code that would allow them to drain funds.
Mitigative measures:
-KYC (know your customer)
BlueBit is a proud Aurora grant recipient. Upon receiving the grant fund, the team has passed KYC conducted by the NEAR foundation team.
-no migrator code
The migrator function gives the owner of the Masterchef contract the ability to move all funds to another wallet, and thus steal user funds. There is no migrator code in BlueBit contracts.
-24-hour timelock
Timelock is a contract for delaying changes to the protocol. This contract was built on top of all the major contracts in BlueBit Finance. Hence, every change needs to execute through this contract, which makes it function as a security moat.
In practice, every order from the admin has to pass through this contract and is delayed for 24 hours before taking effect. This enables the community to see any upcoming updates and prepare in advance for them. If anything looks suspicious, they would have time to withdraw their funds from the protocol before the update takes effect.
-multisig holder
Currently, the BlueBit Treasury wallet address is locked and protected by the Gnosis Safe Multisig.
Initial signers for this multisig is Peter, Leon and Nathan(all are core team members) in a 2/3 multi-sig setup. We will look to involve trusted community members in the multi-sig as well as BlueBit goes fully governed by BlueBit DAO.
BlueBit Treasury Gnosis Safe Multisig: 0x09fB150FA3A12F5f6c498b8c65db97f897aa8d64
Risk: Smart Contract Risks
This is the risk that flaws/bugs exist in smart contracts which can lead to a loss of funds either by accident or by malicious exploitation.
As BlueBit interacts with other projects, there is smart contract risk both in the BlueBit contracts and in all the contracts which BlueBit interacts with.
Mitigative measures:
-bug bounty
we are working closely with the ImmuneFi team for a bug bounty program.
-open-sourced code
All deployed contracts have verified and published source codes on AuroraScan.
Risk: Third-party Platform Risks
users are beholden to any risks that pertain to our partnered platforms or protocols (e.g. Trisolaris), as we integrate directly with them. Please also review their documentation and risk explanations before interfacing with either platform.
Mitigative Measures:
-whitelist
We're very carefully selecting our partners and pools to be integrated. Pool selection will be subject to a whitelist rule:
The protocol has to be a recipient of official NEAR foundation grant
The protocol has to be audited by at least one widely recognized security audit
The pool has a minimum TVL requirement of 1.5M to avoid price fluctuation and potential severe impermanent loss due to trading slippage.
the whitelist will be reviewed and adjusted on a bi-weekly basis or as needed
Risk: Impermanent loss
The risk of impermanent loss (IL) is present whenever you provide liquidity to a liquidity pool.
What is means is the (impermanent) loss of funds due to one of the assets in the pool being volatile in relation to the other.
This article from Binance Academy provides more details on IL.
Mitigative Measures:
Only bluechip token pairs are selected into BlueBit vaults, e.g. TRI, USDT, USDC, ETH, WBTC, wNEAR, stNEAR.
To minimize the risk of IL you can choose to yield farm assets which have a high correlation (e.g., stable coin pairs) and avoid volatile pairs.
Note that the risk of IL is offset somewhat by the higher rewards offered for pairs that are more volatile. It is up to you as an investor to decide what strategy you are most comfortable with depending on your risk tolerance.
Last updated
