Alpaca Finance
Published in

Alpaca Finance

DeFi Security Spotlight: Our Processes for Maximizing Alpaca Finance’s On-Chain Security for Automated Vaults using Chainlink, Automation, and Double-Audits

As many of you know, we recently launched our Automated Vaults, where users can earn up to triple-digit APYs on market-neutral positions without the risk of liquidation. These vaults were met with tremendous demand, filling the $100Mn capacity within weeks, with the 8x vaults filling only minutes after launch.

Yet, every time Alpaca Finance launches new major products or features, security is and will always be the highest priority. So that’s why we’d like to share this article to explore our security processes for utmost transparency.

To ensure the maximum safety of our new Automated Vaults, Alpaca Finance has integrated high-quality market data from Chainlink Price Feeds and also features 24-hour automation, double audits, an ongoing $100k bug bounty with Immunefi, and the Alpaca Insurance Plan as a fallback in the unlikely event that anything ever goes wrong. Below, we give more details on each key security layer.

Chainlink Price Feeds

Decentralized, high-quality market data from Chainlink, the industry-leading oracle solution, provides a tamper-proof foundation to prevent hackers from manipulating asset prices and extracting undue profit from Alpaca Finance’s platform. Chainlink Price Feeds also help ensure that the rebalances of Automated Vaults can happen at up-to-date market prices at any time, which is crucial for automated strategies that need to rebalance quickly when market conditions become volatile.

Last year, we integrated Chainlink Price Feeds as our primary price data source for BNB Chain. This year, we also integrated Chainlink Price Feeds into our Fantom platform, and these feeds act as a robust market check across Automated Vaults.

We chose Chainlink Price Feeds because they offer top of the line features, including:

  • High-Quality Data — Chainlink Price Feeds source data from numerous premium data aggregators, leading to price data that’s aggregated from hundreds of exchanges, weighted by volume, and cleaned of outliers and wash trading. Chainlink’s data aggregation model generates more precise global market prices that are inherently resistant to inaccuracies or manipulation of any single or small set of exchanges.
  • Reliable Nodes — Chainlink Price Feeds are secured by independent, security-reviewed, and Sybil-resistant oracle nodes run by leading blockchain DevOps teams, data providers, and traditional enterprises. Chainlink nodes have a strong track record of reliability, even during high gas prices and infrastructure outages.
  • Decentralized Infrastructure — Chainlink Price Feeds are decentralized at the data source, oracle node, and oracle network levels, generating strong protections against downtime and tampering by either the data provider or oracle network.
  • Blockchain Agnostic — Chainlink is blockchain agnostic and already live on Fantom and multiple other blockchain networks, making integrations seamless as we expand Alpaca Finance’s Automated Vaults to new chains in the future.

In addition to Chainlink Price Feeds, we have also developed our own in-house price oracle logic engine called the Alpaca Guard. Alpaca Guard acts as the verification and logic layer after data is input from the Chainlink Price Feeds. During periods of high market volatility, Alpaca Guard has the ability to enter Protection Mode, protecting users’ assets from price manipulation and flash liquidations.

For example, if the price of BNB instantly drops by 30% due to low liquidity on one exchange, and then BNB recovers seconds later, the Alpaca Guard will prevent positions from getting liquidated at the -30% price wick.

For our Automated Vaults, Chainlink Price Feeds also play a crucial role. Automated Vaults allow users to farm yield using market-neutral strategies, meaning users have little to no market exposure. This is accomplished by simultaneously opening up both a long and short position so that no matter where the market moves, the profits and losses from either side of the equation equal out to zero. However, as the market moves, it’s possible for the net exposure to deviate away from zero due to the shifting nature of LP positions’ asset balances. That’s why Automated Vaults automatically rebalance positions until their aggregate market exposure reverts back to zero, giving users easy access to high-yield, pseudo-delta-neutral strategies.

For all of this to work though, accurate and real-time price data feeds are necessary to calculate portfolio rebalances in order to help maintain zero market exposure at all times. Faulty or inaccurate price data could result in incorrectly calculated positions, which could expose users to losses from market movements. Chainlink Price Feeds provide this around-the-clock reliability that helps ensure Automated Vaults operate as intended.


Even with perfectly accurate price feeds, rebalancing still needs to occur quickly after market prices move in order to maintain neutral exposure. That’s why we have automated bots running 24–7 and in multiple locations to avoid single points of failure.

Double Audits

By seeking not one but two complete audits on Alpaca Finance’s major features, we can ensure an ironclad code base. In fact, Alpaca Finance has completed a total of an industry-leading 22 audits on our platform. Each module or smart contract on Alpaca Finance has been audited and then audited again, which is one of the reasons why we’ve never had a security issue. Despite few protocols going this far to improve security, we believe it’s important to reach as close to 100% safe as possible, and that’s why our users rely on us as a safe haven to park their funds without a second thought.

$100k Bug Bounty and Alpaca Insurance Plan

Our bug bounty with Immunefi incentivizes white hats and programmers to check our open source code for issues as an additional safety layer. Furthermore, our internal Insurance Plan acts as a safety net for users should there ever be an actual shortfall. So not only do we put as much effort as possible into accident prevention, but are also prepared in the event of a black swan.

As you can see, we take security as seriously as we do generating profits for our users, which is why we integrate the best blockchain infrastructure, such as Chainlink. . Because at the end of the day, high APYs are pretty, but there’s no APY large enough to recover a 100% loss of funds from a hack. So don’t gamble with your money when you don’t need to. After all, with products like our Market-Neutral Automated Vaults, you’re already freerolling in the alpha.

About Alpaca Finance

Alpaca Finance is the largest lending and savings platform providing high-yield, capital efficient products on BNB Chain, and recently launched on Fantom. Alpaca helps lenders earn safe and stable yields, and offers borrowers undercollateralized loans for leveraged yield farming positions, vastly multiplying their farming principals and resulting profits.‌ Furthermore, Alpaca allows users to take out traditional DeFi loans by minting the stablecoin AUSD, and to invest in hedge-fund-level automated strategies. To learn more about Alpaca, visit or the links section in the docs for social media and other resources.




Alpaca Finance is a leverage yield farming protocol built on BNB Chain and Fantom. It allows yield farmers to earn higher returns by opening leveraged positions

Recommended from Medium

QuarkChain Bi-weekly Project Progress Report: Dec.14— Dec. 28, 2018

REX NFT - How Tokenization Will Improve the Renewable Energy Credit Market

The state of client diversity in Ethereum

STORE selects Liechtenstein for its Foundation Location 🇱🇮

STORE is a new layer one staking protocol at the intersection of cloud computing and Web3. STORE Governance is a checks and balances democracy. The STORE Foundation will be in Liechtenstein.

BananaSwap’s partnership announcement with Pyth Network

Core Team AMA Recap (DAO Vote)

SuperLauncher introduces superior multi-chain node infrastructure to its network

5 Blockchain Trends to Track in 2022

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Samsara NotALlama

Samsara NotALlama

Head of Strategy and Marketing at

More from Medium

An Avalanche of DeFi: and Pollen

Herd Blitz: SteakHut Protocol Launch

Grazing Range Pool#49 — Welcoming TINC to the herd!

Yeti Finance integrates with Aave V3 to offer up to 21x leverage at 0% interest on aTokens