Rodeo Finance — Security

Rodeo Finance #getleverage
Jan 25, 2023


What is Rodeo Finance?

Rodeo provides a simple and secure approach to undercollateralized loans. Rodeo enables users to add leverage on top of popular DeFi strategies and maximize real yields on deposited assets through an intuitive approach to leveraged yield farming. Built on Arbitrum, Rodeo offers high yet safe yields, and establishes trust through multiple layers of security.

Simply put, with Rodeo Leverage, users can earn more with less.

In this article, we will explore the various security measures Rodeo Finance has implemented and the strategies we use to protect user funds.

Security First Approach

With the increasing popularity of DeFi, it has become easier than ever for new users to get onboarded and start interacting with innovative products and projects. This has brought major innovations to the space and an influx of users and capital, but the rapid pace of innovation also brings with it more possibilities for exploits, hacks, and scams. To move DeFi towards the next step of mass adoption, security and trust need to become critical considerations when structuring and building any project. Security should always be prioritized over speed.

TL;DR

Rodeo Finance is built with a Security First Approach, and employs a multifaceted security design to ensure the safety of user funds deployed on Rodeo.

Layers of Security

Through the implementation of a layered security approach, Rodeo ensures that funds deposited from all users (yield farmers, degens, whales and institutions alike) are safe when entered into the Rodeo platform both on the lending and leverage side of the equation. These layers include:

  1. Code
  2. Internal testing / alpha testing
  3. Design of money market (i.e. isolated pools and a “closed” system)
  4. 3rd party audits & Bug bounties
  5. Price oracles
  6. Caps for lending pool and farm
  7. Protocol insurance fund for bad debt
  8. OpSec
  9. Other

1. Code

As a native L2 protocol built on Arbitrum, we have purpose-built our code to optimize the undercollateralized lending features on Rodeo for maximized yields, while implementing several measures in code to guard against known attack vectors, such as:

  • Funds borrowed on Rodeo are controlled by Rodeo contracts and can only be deposited, as leverage, into approved strategies
  • Rodeo prevents flash loans and prohibits users from opening and closing positions in the same block
  • Admin actions are protected behind a delay/timelock and multisig; there is no hot/cold wallet with admin access
  • Rodeo implements support for ERC-4626 vaults to ensure industry standards of security and structure are met
  • All public methods disallow re-entrancy to prevent this common security vulnerability
  • Strategies and core logic can be updated in order to respond to changing external factors or security issues
  • In the future, critical functions such as approving new pools and farms can be delegated to token holders / DAO

These measures, along with lessons learned from other protocol exploits, help Rodeo to prevent malicious actors from compromising funds stored on the platform.

2. Internal Testing/Alpha Testing

The Rodeo team has an extensive internal testing process that involves both manual and automated testing, including rigorous unit testing, as well as alpha testing with a select group of users.

Before any vaults are released for public use, they undergo thorough testing in a controlled environment and are stress tested for exploits.

3. Design of Lending/Borrowing system

Rodeo Finance utilizes a variation on the “isolated lending market” structure. All assets are kept and controlled within the Rodeo ecosystem and only allowed to interact with whitelisted contracts, so while not “isolated” in the traditional sense of the term, in effect the pools are “isolated”.

Price oracles for all lending pools are provided by Chainlink, which has proven to be effectively impossible/impractical to manipulate. But in the event the price of a lending pool was manipulated, the attacker would not be able to drain funds from the other pools Rodeo supports. A position can only borrow from one pool, in the same asset as the collateral it provides, so no cross-contamination is possible.

4. Third Party Audits & Bug Bounties

Rodeo Finance employs third-party auditors to review their code and protocols on a regular basis. While audits are not perfect, this helps to ensure that potential vulnerabilities are identified and addressed before they can be exploited.

Rodeo has undergone its first audit; results can be found here. Rodeo will engage in multiple audits as the protocol grows to ensure secure scaling of product offerings. Additionally, Rodeo is maintaining a long-term relationship with auditors for ongoing exploit reviews in between formal audits.

To further enhance security measures, Rodeo Finance offers a bug bounty program. This encourages researchers and developers to report any potential vulnerabilities they discover, and rewards them with a financial incentive.

An official bug bounty will be released with all the information related to the program in our public GitHub; more information on this will be released in the future.

5. Price Oracles

Lending Pools

Rodeo Finance utilizes proven Chainlink oracles for our lending pool major assets (USDC, ETH, wBTC).

Farms

Rodeo uses a variety of proven oracles, including Chainlink for most asset prices. For assets not available on Chainlink, Rodeo utilizes TWAPs as a preferred method when available.

For valuing LP positions, we do our best to use proven methods that make manipulation impossible, such as calculating UniswapV2 reserves in a way that can’t be manipulated by flash loans, or valuing Curve LP tokens using the integrated price oracle.

The oracles provide reliable price feeds for each asset, are resistant to external manipulation, and ensure the safety and stability of the Rodeo platform.
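To illustrate the point about valuing UniswapV2 LP positions, the following added example (not Rodeo's code) compares a naive valuation from current reserves with the widely used "fair reserves" formula 2·sqrt(k·p0·p1)/supply. The page does not say which method Rodeo uses, so the formula choice is an assumption, and the pool figures and prices are constructed.

```python
from math import isqrt

# Constructed sample pool (not Rodeo data): 1,000 ETH / 2,000,000 USDC,
# reserves with 6 decimals, external oracle prices in USD with 8 decimals.
R_ETH, R_USDC = 1_000 * 10**6, 2_000_000 * 10**6
P_ETH, P_USDC = 2_000 * 10**8, 1 * 10**8
TOTAL_SUPPLY = isqrt(R_ETH * R_USDC)  # LP supply, set to sqrt(k) for the sample
POSITION = TOTAL_SUPPLY // 10         # a position holding 10% of the LP supply


def swap(reserve_in, reserve_out, amount_in):
    """UniswapV2 constant-product swap with the 0.3% fee; returns new reserves."""
    in_after_fee = amount_in * 997
    amount_out = in_after_fee * reserve_out // (reserve_in * 1000 + in_after_fee)
    return reserve_in + amount_in, reserve_out - amount_out


def naive_lp_value(r0, r1, p0, p1, supply, lp):
    """Current reserves priced at oracle prices: shifts with any in-block swap."""
    return (r0 * p0 + r1 * p1) * lp // supply


def fair_lp_value(r0, r1, p0, p1, supply, lp):
    """2*sqrt(k*p0*p1): uses only the invariant k = r0*r1 and external prices."""
    return 2 * isqrt(r0 * r1 * p0 * p1) * lp // supply


def compare(skew_eth_in):
    """Value POSITION before and after one large swap skews the reserves."""
    before = (R_ETH, R_USDC)
    after = swap(R_ETH, R_USDC, skew_eth_in)
    return {
        name: (fn(*before, P_ETH, P_USDC, TOTAL_SUPPLY, POSITION),
               fn(*after, P_ETH, P_USDC, TOTAL_SUPPLY, POSITION))
        for name, fn in (("naive", naive_lp_value), ("fair", fair_lp_value))
    }


if __name__ == "__main__":
    # Values are scaled by 1e14 (6 reserve decimals + 8 price decimals).
    for name, (v0, v1) in compare(9_000 * 10**6).items():
        print(f"{name:5s} before={v0 / 1e14:,.0f} USD  after={v1 / 1e14:,.0f} USD")
```

With the reserves skewed inside a single block, the naive figure for the same position rises roughly fivefold, while the fair figure moves only by the swap fee retained in the pool. The fair figure is still only as trustworthy as the external prices fed into it.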

6. Caps for Lending Pool and Farm

As part of our risk mitigation strategy, Rodeo Finance has implemented a cap and raise approach for both their lending pools and farms.

Rodeo will limit the amount of funds users are able to deposit into the respective pools and farms and will slowly raise the limits based on performance, time, and additional security checks (such as audits).

7. Protocol Insurance Fund

Rodeo has implemented a Protocol Insurance Fund. The purpose of the insurance fund is to compensate lenders in the rare chance of a shortfall event (such as exploit, oracle risk, bad debt case).

The risks associated with a shortfall event are diminished through the implementation of the various security measures outlined in this article. The Protocol Insurance Fund acts as an emergency fund, only deployed in the case where a user experiences a loss of funds due to an outlier event.

All fees accrued and collected by Rodeo are deposited into the lending pool until withdrawn by Rodeo. These fees will be utilized as the basis of the Protocol Insurance Fund used to secure the protocol.

Note: the Insurance Fund does not cover liquidation events or external manipulation events outside of the control of Rodeo (such as Chainlink oracle manipulation, blockchain exploits, etc.).

8. OpSec

OpSec is often overlooked in DeFi. Rodeo implements strict OpSec measures and procedures, including:

  • Establish and enforce access control parameters for critical systems
  • Utilize secure authentication and communications protocols
  • Risk management and regular testing for intrusion and exploits
  • Incident reporting and response structure
  • Admin role managed by Multi Signature w/ timelock. No hot/cold wallet with admin access.
  • In the future some critical functions like approving new pools and farms would be delegated to token holders

By adopting a Security First Approach, Rodeo provides a secure and trustworthy platform, with the potential to generate high returns via leverage and lending. This approach allows users, whales, and institutions alike to confidently store their funds without compromising their security.

Wen Leverage?

Rodeo Finance is currently in private Alpha testing. Rodeo Finance will be opening for public testing, coming soon™.

There are possible retroactive rewards available for participation and contribution to the project, and limited space available.

If you would like to be considered for Alpha testing, join our Discord to be the first to know when we open for another round of testers.

Join the Rodeo community now to stay up to date on our upcoming releases, and partnership announcements. We’ll be hosting AMAs, previews, and sharing plenty of alpha:

Discord | Twitter | Website | Documentation
