Paranoid by Default: How KogeFarm Takes User Security Seriously

Adam Bertram
Published in KogeCoin
5 min read · Aug 10, 2021

At Koge, we understand that the crypto world, especially decentralized finance (DeFi), can be unpredictable and sometimes shady. It seems like every other day, yet another platform generates a ton of hype, takes in millions in investor money, and disappears.

“This isn’t a scam!” is an all-too-familiar phrase you hear from every token and DeFi application in the DeFi world. But how can you be sure? How can you actually trust an organization if everyone’s saying it, yet not everyone is telling the truth?

Two ways:

  1. By being audited by a prestigious and trustworthy organization.
  2. By making it impossible to scam you.

Let’s break those down.

Trust through Third-Party Validation

One popular way DeFi organizations attempt to gain trust is via an independent audit. Organizations hire expensive auditors with a trustworthy background and a reputation for thoroughness. These auditors then dig into code, turn over rocks, and inspect everything they can to assess the “rug risk.”

KogeFarm decided early that an audit was important and hired the Polycat auditor Obelisk, a trusted auditor in the DeFi space. We paid too much money for an Obelisk audit not just to prove to our users we’re on the up and up, but to also point out any potential vulnerabilities and ways to scam users we weren’t even aware of!

In the end, Obelisk gave us a clean bill of health and also identified a few areas where we could improve, which we promptly addressed. None of them put our users’ capital at risk.

If you’d rather not read the entire Obelisk audit report, below are the two items they found and what we did to correct them:

  1. Emergency withdrawals did not pause vault to new deposits — We addressed this concern by making deposits impossible once we activate the emergency withdrawal function.
  2. Potential reward front-running — We addressed this concern by harvesting more frequently (every twenty minutes) and harvesting prior to every deposit into a vault. Calling the harvest() function before every deposit makes front running literally impossible and allows us to remove the deposit and withdrawal fees that so many other yield optimizers rely on to discourage front running.
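
The share accounting behind both audit items, as an added example: this is a simplified Python model written for illustration, not KogeFarm's contract code. The names VaultModel and late_depositor_gain, the 1:1 reward conversion and the token amounts are assumptions made for the example.

```python
from fractions import Fraction


class VaultModel:
    """Toy share-accounting model of an auto-compounding vault (hypothetical)."""

    def __init__(self, harvest_before_deposit):
        self.harvest_before_deposit = harvest_before_deposit
        self.balance = Fraction(0)       # want tokens working in the strategy
        self.pending = Fraction(0)       # rewards earned but not yet compounded
        self.total_shares = Fraction(0)
        self.shares = {}
        self.emergency = False

    def harvest(self):
        # Compound pending rewards into the vault balance (1:1 for simplicity).
        self.balance += self.pending
        self.pending = Fraction(0)

    def emergency_withdraw(self):
        # Audit item 1: once emergency withdrawal is activated, deposits close.
        self.emergency = True

    def deposit(self, user, amount):
        if self.emergency:
            raise RuntimeError("deposits paused")
        if self.harvest_before_deposit:
            self.harvest()               # audit item 2: price shares after compounding
        amount = Fraction(amount)
        minted = amount if self.total_shares == 0 else amount * self.total_shares / self.balance
        self.balance += amount
        self.total_shares += minted
        self.shares[user] = self.shares.get(user, 0) + minted

    def withdraw_all(self, user):
        owned = self.shares.pop(user)
        paid = owned * self.balance / self.total_shares
        self.balance -= paid
        self.total_shares -= owned
        return paid


def late_depositor_gain(harvest_before_deposit):
    """Profit of a depositor who enters just before a harvest and exits just after."""
    vault = VaultModel(harvest_before_deposit)
    vault.deposit("long_term", 1000)
    vault.pending = Fraction(100)        # constructed: rewards earned before "late" arrives
    vault.deposit("late", 1000)
    vault.harvest()
    return vault.withdraw_all("late") - 1000
```

Without the harvest-first rule the late depositor leaves with half of the rewards the long-term depositor had already earned; with it, the late deposit is priced after compounding and the gain is zero.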

Because we’re committed to earning your trust, the community-driven KogeDAO also voted to perform a second audit! Obelisk did a great job with our first audit, but we’re known to be a little paranoid when it comes to user security. As of this writing, we are streamlining our contracts and getting quotes for this second audit.

Update: Our second audit was completed by Paladin as more proof that KogeFarm is a safe place to deposit your money.

Open Source Code

Our code started as and will always remain open source on PolygonScan and in our GitHub repositories. Are you a skeptical Solidity developer? By all means, have a look for yourself! We develop our platform in complete transparency. Anyone in the world can audit our code, not just the expensive auditors!

Trustless by Design

Smart contracts are the main driver behind the rise in DeFi. They’ve helped drive innovation in the DeFi space and have proven a powerful tool. But, as Spider-Man said, “With great power comes great responsibility,” and some bad actors have chosen to use their power for evil.

From the onset of KogeFarm, in addition to third-party validation, we decided to make it impossible to scam you! How? By designing our smart contracts to be completely trustless.

Unlike many other vault projects (not to be mentioned to protect the guilty), we designed our contracts to explicitly prevent us (or a hacker who obtains our keys) from fraudulently taking funds from the vault. How?

  • By disabling the ability to migrate your funds anywhere other than the pre-defined strategy. We do not have functions in our smart contracts like the upgradeStrat() function you see below. Although functional in some situations, it opens a potential risk to our users, so we do not use it.
    [Image: an example way for a vault to move your funds to a different strategy]
  • By disabling the ability to access your underlying liquidity provider (LP) tokens. One area where we protect funds is through our smart contract’s salvage() function, shown below. Notice below that the LP tokens (“want”) and reward tokens (“harvestedToken”) cannot be withdrawn by the contract owner.
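    function salvage(address token) public onlyOwner {
        // The owner can never sweep the vault's LP token ("want") or its reward token.
        require(token != want && token != harvestedToken, "cannot salvage");
        // Any other token held by the contract is transferred to the owner in full.
        uint256 _token = IERC20(token).balanceOf(address(this));
        if (_token > 0) {
            IERC20(token).safeTransfer(msg.sender, _token);
        }
    }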

All in all, it was and still is our primary goal to develop a system that allows you to be in ultimate control of your funds.

At this point, you might be asking yourself:

What if a hacker steals our admin keys?

In the unfortunate event that a hacker steals our admin keys, they couldn’t do much anyway, since we alone can’t do much!

Theoretically, a hacker could increase your reward fees (up to 10%) or stop compounding rewards by emergency withdrawing from the underlying farm into a “jar” they cannot access anyway. Only the depositors themselves can withdraw their LPs from the “jar.”

But isn’t a time lock good enough?

No. In contrast to many other vault projects that offer time locks, our contracts do not allow anyone other than you to access your LP tokens at any time.

A timelock only delays a potential threat to your funds; it doesn’t completely remove it. A timelock requires someone to be monitoring a specific activity constantly. When that doesn’t happen, ask Compounder Finance and their $12 million exploit what can go wrong.

Going with our paranoid nature, we designed our vault contracts from the ground up to not allow us or anyone else to touch the vaults’ LP tokens. We consider your LP tokens sacred and see no reason why we should ever need the ability to manage them for you.

Conclusion

Crypto (and the DeFi space in particular) can sometimes be a shady place to trade in. We understand that users may be wary of putting their funds in any vault project. But know that we treat your security as a top priority and are ready to back up that claim at any time.

Adam Bertram
KogeCoin

A 20-year veteran of IT, crypto geek, content creator, consultant and overall problem solver.