DeFi Security Spotlight: Our Processes for Maximizing Alpaca Finance’s On-Chain Security for Automated Vaults using Chainlink, Automation, and Double-Audits
As many of you know, we recently launched our Automated Vaults, where users can earn up to triple-digit APYs on market-neutral positions without the risk of liquidation. These vaults were met with tremendous demand, filling the $100Mn capacity within weeks, with the 8x vaults filling only minutes after launch.
Yet, every time Alpaca Finance launches new major products or features, security is and will always be the highest priority. So that’s why we’d like to share this article to explore our security processes for utmost transparency.
To ensure the maximum safety of our new Automated Vaults, Alpaca Finance has integrated high-quality market data from Chainlink Price Feeds and also features 24-hour automation, double audits, an ongoing $100k bug bounty with Immunefi, and the Alpaca Insurance Plan as a fallback in the unlikely event that anything ever goes wrong. Below, we give more details on each key security layer.
Chainlink Price Feeds
Decentralized, high-quality market data from Chainlink, the industry-leading oracle solution, provides a tamper-proof foundation to prevent hackers from manipulating asset prices and extracting undue profit from Alpaca Finance’s platform. Chainlink Price Feeds also help ensure that the rebalances of Automated Vaults can happen at up-to-date market prices at any time, which is crucial for automated strategies that need to rebalance quickly when market conditions become volatile.
Last year, we integrated Chainlink Price Feeds as our primary price data source for BNB Chain. This year, we also integrated Chainlink Price Feeds into our Fantom platform, and these feeds act as a robust market check across Automated Vaults.
We chose Chainlink Price Feeds because they offer top of the line features, including:
- High-Quality Data — Chainlink Price Feeds source data from numerous premium data aggregators, leading to price data that’s aggregated from hundreds of exchanges, weighted by volume, and cleaned of outliers and wash trading. Chainlink’s data aggregation model generates more precise global market prices that are inherently resistant to inaccuracies or manipulation of any single or small set of exchanges.
- Reliable Nodes — Chainlink Price Feeds are secured by independent, security-reviewed, and Sybil-resistant oracle nodes run by leading blockchain DevOps teams, data providers, and traditional enterprises. Chainlink nodes have a strong track record of reliability, even during high gas prices and infrastructure outages.
- Decentralized Infrastructure — Chainlink Price Feeds are decentralized at the data source, oracle node, and oracle network levels, generating strong protections against downtime and tampering by either the data provider or oracle network.
- Blockchain Agnostic — Chainlink is blockchain agnostic and already live on Fantom and multiple other blockchain networks, making integrations seamless as we expand Alpaca Finance’s Automated Vaults to new chains in the future.
In addition to Chainlink Price Feeds, we have also developed our own in-house price oracle logic engine called the Alpaca Guard. Alpaca Guard acts as the verification and logic layer after data is input from the Chainlink Price Feeds. During periods of high market volatility, Alpaca Guard has the ability to enter Protection Mode, protecting users’ assets from price manipulation and flash liquidations.
For example, if the price of BNB instantly drops by 30% due to low liquidity on one exchange, and then BNB recovers seconds later, the Alpaca Guard will prevent positions from getting liquidated at the -30% price wick.
For our Automated Vaults, Chainlink Price Feeds also play a crucial role. Automated Vaults allow users to farm yield using market-neutral strategies, meaning users have little to no market exposure. This is accomplished by simultaneously opening up both a long and short position so that no matter where the market moves, the profits and losses from either side of the equation equal out to zero. However, as the market moves, it’s possible for the net exposure to deviate away from zero due to the shifting nature of LP positions’ asset balances. That’s why Automated Vaults automatically rebalance positions until their aggregate market exposure reverts back to zero, giving users easy access to high-yield, pseudo-delta-neutral strategies.
For all of this to work though, accurate and real-time price data feeds are necessary to calculate portfolio rebalances in order to help maintain zero market exposure at all times. Faulty or inaccurate price data could result in incorrectly calculated positions, which could expose users to losses from market movements. Chainlink Price Feeds provide this around-the-clock reliability that helps ensure Automated Vaults operate as intended.
Even with perfectly accurate price feeds, rebalancing still needs to occur quickly after market prices move in order to maintain neutral exposure. That’s why we have automated bots running 24–7 and in multiple locations to avoid single points of failure.
By seeking not one but two complete audits on Alpaca Finance’s major features, we can ensure an ironclad code base. In fact, Alpaca Finance has completed a total of an industry-leading 22 audits on our platform. Each module or smart contract on Alpaca Finance has been audited and then audited again, which is one of the reasons why we’ve never had a security issue. Despite few protocols going this far to improve security, we believe it’s important to reach as close to 100% safe as possible, and that’s why our users rely on us as a safe haven to park their funds without a second thought.
$100k Bug Bounty and Alpaca Insurance Plan
Our bug bounty with Immunefi incentivizes white hats and programmers to check our open source code for issues as an additional safety layer. Furthermore, our internal Insurance Plan acts as a safety net for users should there ever be an actual shortfall. So not only do we put as much effort as possible into accident prevention, but are also prepared in the event of a black swan.
As you can see, we take security as seriously as we do generating profits for our users, which is why we integrate the best blockchain infrastructure, such as Chainlink. . Because at the end of the day, high APYs are pretty, but there’s no APY large enough to recover a 100% loss of funds from a hack. So don’t gamble with your money when you don’t need to. After all, with products like our Market-Neutral Automated Vaults, you’re already freerolling in the alpha.
About Alpaca Finance
Alpaca Finance is the largest lending and savings platform providing high-yield, capital efficient products on BNB Chain, and recently launched on Fantom. Alpaca helps lenders earn safe and stable yields, and offers borrowers undercollateralized loans for leveraged yield farming positions, vastly multiplying their farming principals and resulting profits. Furthermore, Alpaca allows users to take out traditional DeFi loans by minting the stablecoin AUSD, and to invest in hedge-fund-level automated strategies. To learn more about Alpaca, visit alpacafinance.org or the links section in the docs for social media and other resources.