This is the basic “what we do, what’s our goal” article. Enjoy.
What we do
We rate DeFi products on software quality and use of best practices. In DeFi, you have to trust the software as there is nothing else backing you up. We rate DeFi products for two audiences.
- For DeFi users, we provide clear, concise and relevant ratings on project quality, risk, and transparency, so users can make informed decisions.
- For developers, we provide clear, achievable goals in software quality and transparency (which will have a full article, soon). In the process, we raise the quality of the DeFi software industry.
We rate according to our own public process. This ensures that every review we do is made according to a written, consistent standard. It makes the scores comparable. This process was designed with the assistance of a team of blockchain security experts. We try to update our process every few months to improve it and keep it relevant. All changes are clearly documented. We also plan to revise older reviews regularly, bringing them and their scores up to the latest version of the process.
What we don’t do
It is important to note what our process does not check. When looking at an application for these elements, you must do your own research.
1) Oracles — While oracles are a major element of many recent hacks, they are not yet part of our checks. This is a growth area.
2) Centralization — We do not look at how centralized or decentralized either the protocol or the governance is.
3) Tokenomics — No aspect of the tokenomics is analyzed.
4) Investment quality — We do not even glance at the returns, impermanent loss, ROI or implicit investment risk of an application.
5) Team Quality — We don’t check the quality of the team, only whether they are anonymous or not.
6) Governance — The governance process is not assessed. Only the smart contracts are checked for commenting and testing.
We only review publicly available data. This means anyone can check any item of any review. With a public process on public data, our integrity can be easily verified.
It also assists blockchain transparency. This ensures that all the required data for third-party verification is public and clearly indicated: smart contract addresses, software functional documentation, software and economic tests, and third-party audits.
Professional and Independent
DeFi Safety is my full-time job. Our focus is improving the quality of DeFi as a whole. We remain fiercely independent. We have never been paid by a developer for a review. We stay away from conflicts of interest as much as possible.
Our process is public, but our finished reports are proprietary. Our brand is the cumulative quality of our reviews.
To date, we are keeping our company funding pretty conventional. I will have a future article on long-term funding for services such as ours.
Clear, understandable risk ratings throughout the DeFi industry.
High quality, consistent and improving quality processes on DeFi protocols.
Consistent, stable funding with incentives aligned (funded by the users, products for the users).
We do Reviews not Audits
What we do is quite different from smart contract auditors in a number of ways. Smart contract auditors are paid by the developers to check their code. The report is written for the developers (who paid for it) and the report is generally written in technical language. The developers set the scope of the audit both in time and subject. The developers decide if they want to publish the report.
Our target audience is the users of an application, though the developers get value also. We do not ask permission of the devs before a review. We are not paid by the devs, ever. Our customers are DeFi users.
Side Note: We changed our process name from “audits” to “reviews” to minimize confusion. People thought we were smart contract auditors. It is ironic because our process is much closer to an actual audit than what smart contract auditors do.
Tell us how we are doing
Give us feedback on Telegram and Twitter as we continue to evolve to meet the growing DeFi needs.