Why We Chose NOT To Spend $9K On KYC And Paladin Audit For Layer 4

AstroFarms
Sep 23, 2021

People are always concerned with safety in DeFi. For good reason. Most people investing in poocoins and yield farms really need to take some time to get educated on how “rug pulls” and other scams happen. Although scammers will always find new ways to exploit and take advantage of investors, there is a lot that can be learned by spending just a short time separating fact from fiction.

RugDoc.io is a fantastic resource for investors. If you haven’t heard of them, they started a review website, specifically for yield farms. For the most part, they do a pretty darn good job. If you aren’t going to educate yourself, you can at least use a site like theirs and get an idea if a farm is high risk, or down to low risk. You can probably see now why farms like ours like to submit our code to them for review. They also offer a service for developers: pay $5000 for a KYC (Know Your Customer). This gives great confidence for investors because, as you can imagine, the moment a developer rugs its investors, RugDoc can report them to the authorities.

There is a problem for newer farms though: they want $5000 every time you launch a new farm. $5000 to do the same 45 second interview on Zoom and a few screenshots of passports and access to the Masterchef and fee wallet. When planning the business development of AstroFarms, just like any business, we need to budget. We’re using the same code. The same wallets. We’re the same people. In a moment, I’ll show you how simple it is to check. If you are an investor, my suggestion would be: educate yourself. Little tips like this will go a long way in providing security for your investments. As much as you can anyway.

Firstly, let me address why we did not use Paladin for another audit. Paladin Blockchain Security is another great company. They are experts in auditing and consulting to ensure real yield farms get their code in order, preventing exploits. Just like with RugDoc, nothing is 100% secure, but investors can feel a lot safer with the full Paladin audit checked off. However, an audit is $4000. While this made sense for us on the previous layer Virgo, we could not justify spending that money again when we used the exact same code for layer 4, Libra. There is no need to have someone go through the code line by line.

Our good friend GOOGLE is happy to do that for us.

The first thing you’ll want to verify is this little notation on a RugDoc review:

Let’s open up a new browser and get the following tabs going:

You’ll notice on the bottom right of the home page, the Masterchef, Timelock and Token Contracts. These are all direct links. From both sites, click each contract address and they’ll open up Polygonscan.

Now go to the Masterchef for each and click “Read Contract”.

Scroll down until you see the owner. We’re going to check whether the owner of the contract has the same address as the Timelock. In this case the owner of the Libra MC is listed at #15 and the address is 0x….f46c. When we look at the timelock, we confirm that the contract address for the Libra timelock is the same: 0x….f46c. Here is a screenshot for the timelock contract.

First checkmark.

Now let’s find out if the $LIBRA token is owned by the masterchef. We’re going to do this the exact same way. Go to the polygonscan for the token. Click read contract and scroll down to the owner. Compare that contract address to the masterchef. Are they the same? In this case, they match: 0x…5087.

Second checkmark.

Now let’s understand why this is so important. This means the masterchef is owned by the timelock and the token is owned by the masterchef. The team cannot just print tokens and dump them, which is how many scammers rug investors.
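The same two checkmarks can be scripted. The following is an added example, not AstroFarms' code: it assumes each contract exposes the standard `owner()` getter shown under “Read Contract”, and the addresses and RPC responses are constructed placeholders, not the real Libra contracts.

```python
import json

OWNER_SELECTOR = "0x8da5cb5b"  # first four bytes of keccak256("owner()")

def owner_call(contract, req_id=1):
    """JSON-RPC eth_call request body that reads owner() from a contract."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
                       "params": [{"to": contract, "data": OWNER_SELECTOR}, "latest"]})

def decode_address(result):
    """owner() returns one 32-byte word: 12 zero bytes, then the 20-byte address."""
    word = result[2:] if result.startswith("0x") else result
    if len(word) != 64 or int(word[:24], 16) != 0:
        raise ValueError("not a single ABI-encoded address")
    return "0x" + word[24:].lower()

def check_chain(timelock, masterchef, token, results):
    """results maps contract address -> raw eth_call result of owner()."""
    owner = {a.lower(): decode_address(r) for a, r in results.items()}
    findings = []
    if owner.get(masterchef.lower()) != timelock.lower():
        findings.append("masterchef is not owned by the timelock")
    if owner.get(token.lower()) != masterchef.lower():
        findings.append("token is not owned by the masterchef")
    return findings

# Constructed placeholder addresses and responses, not the real Libra contracts.
TIMELOCK, MASTERCHEF, TOKEN, DEPLOYER = ("0x" + c * 40 for c in "abcd")
pad = lambda addr: "0x" + "0" * 24 + addr[2:]
GOOD = {MASTERCHEF: pad(TIMELOCK), TOKEN: pad(MASTERCHEF)}
BAD = {MASTERCHEF: pad(DEPLOYER), TOKEN: pad(MASTERCHEF)}

if __name__ == "__main__":
    print(owner_call(MASTERCHEF))                          # body to POST to an RPC node
    print(check_chain(TIMELOCK, MASTERCHEF, TOKEN, GOOD))  # []
    print(check_chain(TIMELOCK, MASTERCHEF, TOKEN, BAD))
```

An empty list means both checkmarks hold; any finding means the ownership chain described above is broken.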

Now, let’s borrow our friend GOOGLE and verify why we did not require an audit for the same masterchef, yet we claimed we are Paladin audited.

Find your polygonscan tabs for the masterchefs from the Virgo and Libra mission. This time, when you’re in the contract, you’ll want the code tab.

Next, you’ll see towards the right, above the (box of) code, a handy copy button. Copy the Virgo masterchef and go to GOOGLE and search “code compare”. You can bookmark this link if you like: https://url-decode.com/tool/code-compare

When you paste Virgo’s masterchef in the left side, the first thing you’ll notice is it’s all yellow. That’s because any difference in the code will pop out in yellow. Since we don’t have the Libra masterchef in the right side to compare yet, it’s all yellow!

Go ahead and copy the masterchef from Libra and paste it into the right panel. Then we’ll start to look at the highlighted differences. Scroll right to the top and you’ll see the first difference. We’ll work our way down. The first difference is easy. The dates are different, which makes sense, since the contracts were deployed at different times.

Continue working your way down. We see the next change at line 1079. This is just the names and symbols: Virgo and Libra.

Directly below, there is a significant amount of difference. The Virgo masterchef has many lines about governance. These lines of code were removed from the Libra masterchef because Paladin suggested that these lines were not necessary. You can view the full audit from our whitepaper here. Paladin found the governance functions to be broken and therefore, could be removed. In addition, nothing else was added.

Continuing to scroll down you’ll notice most of the changes are Virgo to Libra. At line 1516, you’ll notice some changes with the NFT portion of the code. All of the NFTs have the same token address but a unique item number. We simply removed “forgeTokenLeo” or “forgeTokenCancer” etc. and replaced them with “forgeTokenNft”. This is simply to clean up the code. Then you’ll notice the Libra NFT was added to the Libra contract. Instead of the 4 NFTs from the Virgo layer, now there are 5 NFTs. This will of course happen on every layer as the multipliers change with the addition of a new layer AstroPowerUP.

Continuing to scroll down, the changes are all the same: Virgo to Libra and NFT adjustment. When you get to line 1362 on the Libra code, you notice an addition of the check for Libra NFT. That’s so that the layer can identify if you hold the new NFT and can use the multiplier. I should also remind you that the governance portion was removed from the Libra masterchef, in case you noticed that the corresponding line numbers are different now.

On line 1463 of Libra is where the multiplier amounts change. As every new layer launches with a new NFT, each multiplier goes down to account for the new NFT and the max multiplier of 2X when holding the full set.

Continue to scroll down. Here’s where we want to make sure that the code is not changed. This is the most important part. We’re at line 1744 on the Virgo code. If this code is not changed, we have the same contract. You’ll notice as you scroll, Virgo has simply been changed to Libra.

As we scroll, we want to take note of very important sections. The deposit function (the portion of the contract that handles your deposits) has not been changed. This is how some developers get you with 100% deposit fees for example. Simply, Virgo to Libra.

Withdraw function is the same; Virgo to Libra. Emergency withdraw, the same.
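The side-by-side comparison above can also be done locally, with the Virgo to Libra renames filtered out so only real changes are left to read. This is an added example, not the project's code: the function names `deposit`, `withdraw` and `emergencyWithdraw` are assumed from the text, the Solidity snippets are constructed miniatures, and the brace matching ignores braces inside strings or comments.

```python
import difflib
import re

CRITICAL = ("deposit", "withdraw", "emergencyWithdraw")

def normalize(src, old, new):
    """Rewrite the old layer name to the new one so pure renames drop out."""
    for o, n in ((old, new), (old.lower(), new.lower()), (old.upper(), new.upper())):
        src = src.replace(o, n)
    return "\n".join(line.rstrip() for line in src.strip().splitlines())

def function_body(text, name):
    """Source of `function <name>(...) {...}`, found by brace matching."""
    for m in re.finditer(r"\bfunction\s+" + re.escape(name) + r"\s*\(", text):
        brace, semi = text.find("{", m.end()), text.find(";", m.end())
        if brace == -1 or -1 < semi < brace:
            continue  # interface declaration, no body
        depth = 0
        for i in range(brace, len(text)):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            if depth == 0:
                return text[m.start():i + 1]
    return None

def review(old_src, new_src, old, new):
    """Return (critical functions that differ, diff lines left after renaming)."""
    a, b = normalize(old_src, old, new), normalize(new_src, old, new)
    changed = [n for n in CRITICAL if function_body(a, n) != function_body(b, n)]
    diff = list(difflib.unified_diff(a.splitlines(), b.splitlines(), lineterm="", n=0))
    return changed, [l for l in diff[2:] if not l.startswith("@@")]

# Constructed miniature sources, not the real Virgo or Libra contracts.
OLD = """
contract VirgoChef {
    function deposit(uint256 pid, uint256 amt) public {
        uint256 fee = amt * pool[pid].depositFeeBP / 10000;
        virgo.mint(msg.sender, pending);
    }
    function withdraw(uint256 pid, uint256 amt) public { user.amount -= amt; }
    function emergencyWithdraw(uint256 pid) public { user.amount = 0; }
}
"""
RENAMED = OLD.replace("Virgo", "Libra").replace("virgo", "libra")
TAMPERED = RENAMED.replace("pool[pid].depositFeeBP", "10000")

if __name__ == "__main__":
    print(review(OLD, RENAMED, "Virgo", "Libra"))   # rename only: nothing left to read
    print(review(OLD, TAMPERED, "Virgo", "Libra"))  # deposit flagged, fee line shown
```

Any line left in the second list (governance removal, NFT changes, multipliers) is what still needs reading by hand; a name in the first list means a deposit or withdrawal path changed.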

So you can see, by taking a few minutes to educate yourself, you now have a good understanding of why the $9000 could be better allocated to marketing, partnerships, vaults, and so much more. Feel free to join our Telegram if you have any further questions!

A special thanks to one of our investors and supporters for making a video showing in detail, what I’ve mentioned above. If you are interested, check it out here!

AstroFarms

Astrofarms, a next gen DeFi project on Polygon featuring a multi-layer, astrology themed, yield farm model. Bringing innovation and excitement with each layer.