Defi protocol PODS' Security Audit by Open Zeppelin



Why Security Audits Matter in Defi

Pods did four security audits on its Pods Yield product. Two successful assessments by OpenZeppelin to fully evaluate the new architectural changes and re-evaluate the existing code.

San Mateo, California –24.01.23– Defi company Pods is announcing the completion of a set of Security Audits, highlighting the recent assessments prepared by OpenZeppelin. The reports are now available: CredShields, ABDK, Open Zeppelin #1, Open Zeppelin #2

“To keep security at a high standard, we architected a hybrid system (on-off-chain) with the best of the two worlds: on-chain security with off-chain liquidity. Less than 1% of the TVL is at off-chain risk. As part of our security layers approach, we finalized two audits with OpenZeppelin along with 2 other audits with CredShields and ABDK. We successfully fixed all issues.” said Robson Silva, co-founder of Pods, in his Audit post. “Security is a main value, understanding smart contract security as layers is one of the ways that we have found to achieve that. System security is like an army. You have different types of soldiers that fit best to certain types of situations. Security is a whole mindset shift.”

Since Defi took off, it fueled a need for blockchain security, Decentralized Exchange (DEX) volumes tripled, and Total Value Locked (TVL) quadrupled. Hackers found new ways to play old tricks, and the majority of Defi platforms exploited in 2021 were unaudited.

Ok, but even on-chain strategies have risks, right? Yes, although the CEX scandals stole the scene last year, we also had on-chain hacks. If you check the rekt leaderboard, the top 4 hacks are already bigger than 2 billion dollars. So… Apart from Audits and a Bug Bounty Program (BBP), here are some architectural decisions that Pods did in order to reduce those risks:

  • No upgradeable contracts: the multisig doesn’t have the power to update the rules of the game.
  • Admin powers (Multisig) don’t have the power to freeze withdraws.
  • Admin powers (Multisig) don’t have the power to withdraw on behalf of any user
  • Admins power can only access 50% of the weekly yield generated by the yield source

The Pods Yield Vault is a one-click deposit investment product that features an options strategy to generate principal-protected returns when the ETH market is volatile. It uses a portion of the yield from stETH assets to invest in the same number of call and put ETH options in an off-chain market. Returns from these investments will be given to the participants who provided their yield to the investor.

According to the report, Pods refactored the codebase to address findings initially reported; within the significant changes made to the codebase. OpenZeppelin recommended Pods obtain a full code re-audit and they proceeded with that. Pods is the security-tested and innovative Defi tool that organizations require for the future of finance.

About Pods:

Pods’ mission is to establish frictionless structured products for crypto assets. Pods was co-founded by Rafaella Baraldo, Robson Silva, and Guilherme Guimarães. The team has built one of the most innovative and safe tools in Defi. With the success of its products, security audits, and brand efforts, Pods has set standards for building Defi methods in a fast-growing sector. The company recently did security audits for its Pods Yield product with OpenZeppelin. The team is excited to offer a safe platform focused on infrastructure and serving professional clients, and investors looking to diversify their portfolio allocation. And, since this is a Defi strategy, users can also inspect the contracts and verify that the code is doing exactly what it is supposed to do, being genuinely trustless.

Find Out More About Pods

Strategies, vaults, primitives, or tooling. We are building DeFi as we would like to use it.

Find out more at Pods Yield app:

Join the Pods community

app | website | documentation | blog | twitter | youtube | telegram | discord