Leech Protocol

#security

Guide from Hacken: How to choose a secure yield farming platform?

The quest for the best yield farming platform is underway. You have already studied the light papers and know the average APYs across the market. The next big step is to look into security.

So many questions. Where to start, and what’s essential? How to calculate the risks? Where to get objective data? How long would it take? With a little bit of expert help, you can easily perform your own accurate and time-efficient due diligence to get ahead of the curve.

We teamed up with a leading blockchain cybersecurity company, Hacken, to get the answers. We chose Hacken because they are industry experts in smart contract audits and know everything about blockchain security. CoinMarketCap and CoinGecko recognize Hacken’s audit reports, which speaks volumes about their industry recognition. Hacken is at the forefront of industry-wide smart contract audit standards as they are one of the contributors to the EthTrust Specification. With five years of experience, 180 partners, and more than 1,000 protected clients, Hacken is among the top blockchain security auditors.

Here’s a step-by-step guide from Hacken’s cybersecurity experts on how to choose the most secure platform for yield farming.

Step 1. Check Scope and Relevance of Smart Contract Audit

It’s impossible to overestimate the importance of smart contracts for yield farming platforms. A smart contract is code that governs and automates transactions. It typically consists of multiple functions, such as staking, withdrawing, lending, etc., that power a DeFi platform’s operations. Secure smart contracts work as intended every time without any loophole for manipulation.

Unfortunately, smart contracts are rarely without vulnerabilities. The most common are:

All these vulnerabilities enable data breaches or private key leaks. The good news is that yield farming platforms can address these vulnerabilities with an external audit.
An external audit is basically a thorough code review to ensure that all functions of the smart contract code work as intended without any hidden loopholes. Writing perfect code is almost impossible because developers are only human and occasionally make errors. This is especially true when devs are constrained by time and resources.

Smart contracts are vital for secure yielding platforms, but not all audits are created equal. Relevance and coverage are the two main questions you must consider. The audit must be relevant and cover the entire project. Web3 projects typically have multiple smart contracts to ensure all of their features work as intended. All contracts (not just one) must be audited.

Checking audit relevancy and scope with an example

Step 1. Locate Public Audit

Let’s take a look at one of Hacken’s clients, Zharta — a lending platform. Notice the “Audited by Hacken” badge on their website. Conveniently, the Hacken website provides a list of all the public audits it has completed. We can easily locate Zharta’s audit here.

Step 2. Locate a codebase repository

First, let’s head to the “Scope” section on Page 4. We have a link to the repository and commit. The repository here matches the codebase that Hacken audited.

Step 3. Check audit relevancy

Once in their GitHub repository, notice the date of the last commit for ./protocol-v1/contracts/ (highlighted in red). The date of the last commit matches the date of Hacken’s audit. As a result, the audit is 100% relevant (as of the day of writing).

Step 4. Check audit scope

Inside the same folder (protocol-v1/contracts/), we have counted the number of key files — 12 smart contracts in the Vyper programming language. Inside the protocol-v1/interfaces folder, we count 11 contracts. Now, let’s compare this number with what’s inside the audit report. Go to Hacken’s audit report once again, and locate the Audit Scope section for the Fourth review scope.
The audit by Hacken reviewed 12 contracts in the ./contracts folder and 11 contracts in the ./interfaces folder. Zharta’s codebase is powered by the same number of contracts. Therefore, the audit covers close to 100% of the key on-chain functionality.

Step 5. What about vulnerabilities?

It’s finally time to look at the issues found in the report. Hacken found 2 critical issues, 16 high, 5 medium, and 4 low. Three iterations later, Zharta developers resolved almost everything. You can read more about each found issue and how it was fixed in the report. Also, the final audit score is 8.4.

It’s time for conclusions

The Zharta lending platform has almost perfect audit coverage and relevancy with a very high score of 8.4. However, not all audits are this diligent. Unfortunately, we have hundreds of crypto projects with low audit coverage and audits that no longer match the current codebase. Again, you can check Audit Relevancy and Audit Scope metrics at CER.live, but not all projects are listed there yet.

Step 2. Is the Blockchain Protocol Safe?

A protocol audit is different from a smart contract audit. Yield aggregators can interact with one or more blockchains. Leech, for example, works across 12+ blockchains. Some chains, such as Ethereum or Avalanche, are well-established with minimal security concerns. New chains are less recognized and don’t enjoy the same level of trust. DefiLlama lists 290 yield farming protocols working across more than 50 chains in total. You cannot assume that each one is safe.

A new chain can earn trust by having an external blockchain audit. To verify whether a blockchain is audited, go to its website and check for the security page. Alternatively, information about the audit can be retrieved from the project’s repository on CoinGecko’s Security tab.

Step 3. Background Check

The main purpose of a background check is to minimize the risk of a rug pull. Not all founders have the best intentions in mind.
Some are growing their yield farming business with the sole goal of running off with users’ and investors’ assets. You’ll never see them again, and no one will return your money. Rug pulls happen almost monthly, so stay clear of fraudulent projects.

Reputation is everything in a trustless environment. Look for LinkedIn pages, video interviews, and other valuable information about the platform’s founders. Who are they? Are they DeFi experts with a proven track record or amateurs with risky ideas and no
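
The relevancy and scope checks in the guide's Step 1 walkthrough compare commit dates and file counts by eye; the same comparison can be made file by file, which also catches a contract that was edited or swapped while the count stayed the same. This is an added example, not code from Hacken, Zharta or Leech Protocol. It assumes two local checkouts of the repository (one at the commit named in the audit report, one at the current commit), and the function names and sample file names are hypothetical.

```python
import hashlib
from pathlib import Path

def snapshot(root, folders=("contracts", "interfaces"), suffix=".vy"):
    """Map relative path -> SHA-256 for every contract file under the scoped folders."""
    root = Path(root)
    files = {}
    for folder in folders:
        for path in sorted((root / folder).rglob(f"*{suffix}")):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                files[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return files

def compare_to_audit(audited_root, current_root, **kw):
    """Classify the current contract files against the tree the auditors reviewed."""
    audited = snapshot(audited_root, **kw)
    current = snapshot(current_root, **kw)
    report = {
        "unchanged": sorted(p for p in current if audited.get(p) == current[p]),
        "modified": sorted(p for p in current if p in audited and audited[p] != current[p]),
        "unaudited": sorted(p for p in current if p not in audited),
        "removed": sorted(p for p in audited if p not in current),
    }
    total = len(current)
    # Scope: share of current contract files that are byte-identical to audited ones.
    report["coverage"] = len(report["unchanged"]) / total if total else 0.0
    # Relevancy: nothing in scope was changed or added after the audit.
    report["relevant"] = not report["modified"] and not report["unaudited"]
    return report

def build_demo(base):
    """Write two constructed sample trees (hypothetical file names and contents)."""
    base = Path(base)
    audited = {"contracts/Loans.vy": "v1", "contracts/Vault.vy": "v1",
               "interfaces/ILoans.vy": "v1"}
    current = {"contracts/Loans.vy": "v1", "contracts/Vault.vy": "v2",
               "interfaces/ILoans.vy": "v1", "contracts/Rewards.vy": "v1"}
    for name, tree in (("audited", audited), ("current", current)):
        for rel, body in tree.items():
            target = base / name / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    return base / "audited", base / "current"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_to_audit(*build_demo(tmp)))
```

With a single clone, `git worktree add <path> <commit>` gives a second checkout at the audited commit to pass as `audited_root`.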

How Can Leech Protocol Offer a Safe Farming With High Profits?

What is Leech Protocol?

Leech Protocol is one of the first DeFi 2.0 automatic cross-chain yield aggregators that ensures safe farming of any cryptocurrency with effective risk management for the users. It includes different yield-farming strategies and protocols like Curve, PancakeSwap, Uniswap, etc.

To maximize yield farming and ensure safe earning, Leech Protocol introduces a unique automatic strategy to explore the capabilities of each blockchain. For example, Leech Protocol can buy Cakes, open a double-leveraged short position with 33% of the total amount, and put 67% into farming with auto-compounding at PancakeSwap with about 80% APY. It can use any high-volatility coin that can be hedged, and this is just one strategy example. The goal is to produce high yields in interest, incentives, or additional cryptocurrency, which is the aim of yield farming.

Leech Protocol allows yield farmers to automatically move their funds or rewards between different blockchains in the DeFi environment. Being part of the DeFi ecosystem, an increasingly active sector of the blockchain space, Leech Protocol runs on blockchain-based smart contracts and offers crypto investors decentralized financial services with high profits. Moreover, unlike other DeFi projects, Leech Protocol has improved on the security risks that are hindering the full potential of decentralized finance.

Important security risks associated with DeFi projects

A recent study shows that the estimated total value locked (TVL) in decentralized finance protocols is $196.6 billion (as of 1/05/22) — and the higher the volume of the virtual assets DeFi accumulates, the higher the number of cyberattacks it experiences. Over the years, hacks, thefts, and frauds on DeFi have been on the rise. According to reports, DeFi users lost more than $10.5 billion to theft in 2021.
By July 2021, hacks on DeFi accounted for 76% of major hacks in the crypto world, from which DeFi projects lost $361 million. This makes up a 2.7x increase from 2020. With these numbers, the importance of security in the DeFi environment could not be clearer.

Although the contemporary DeFi environment provides easier access for underbanked people and quick settlement for the users, it is being challenged by hacks, scams, and bugs. The biggest security risks in the DeFi environment include the following: admin/private key compromise, coding mistakes, front-running attacks, flash loans and manipulation, misuse of third-party protocols, and business logic errors.

However, it is amazing how Leech Protocol is built with enough effort to ensure the safety of the DeFi environment and is certain to prevent these serious security risks while also ensuring high profit for the users.

How Leech Protocol manages security risks

Analysis of existing hacks concludes that more than a quarter of them were executed uniquely, while the rest were typical and were possible as a result of neglect of basic security rules. In effect, a seasoned team analyzed the Leech Protocol for hacks and took into account all the vulnerabilities in the protocol. The team classified all known hacks and developed possible methods of protecting against them.

Also, the team built the protocol to provide audits on each feature that affects the implementation of smart contracts as a way of tackling the security risks present in the DeFi environment. The audits will help verify smart contracts, identify errors and risks in them, evaluate and remove vulnerabilities in them, and certify them against a custom function specification. Besides, with the increase in DeFi projects, and considering how fast they are launched, smart contract audits will be critical to protecting the users and the community — which is why the team integrated them into Leech Protocol to give it more credibility.
Furthermore, the team incorporated a notification system in Leech Protocol to alert on transactions with suspicious activity. The team intends to bring onboard white hackers to test the security system of the project. It intends to use Bug Bounty Resource Services, too. More on the security strategies that Leech Protocol will employ will be revealed in subsequent articles.

How Leech Protocol is unique compared to existing DeFi aggregators

Existing yield aggregators are plagued with various limitations that affect the profitability of users. For example, the users are unable to provide liquidity from any blockchain and are also left to choose offers from 50+ pools. Not only that, most of the users have been forced to build a complex farming system. As a result, they are actively involved in constantly tracking trends on different blockchains, where they determine the most profitable strategies, calculate the associated risks, and transfer liquidity when there is a drop in profitability. This process is complex and time-consuming.

However, with Leech Protocol, the users can provide liquidity from any blockchain and get returns effortlessly. The protocol performs all the operations that the users would usually have to execute manually and determines a good Annual Percentage Yield (APY). It does this by transferring the liquidity between blockchains, searching for the best solution for the liquidity, loading the liquidity, and earning high profitability. This protocol combines farming strategies in different categories while taking into account risks and profitability.

The essence of Leech Protocol is not only to “transfer” liquidity from one blockchain to another but also to create strategies for these transfers and constantly improve them. This protocol will automatically execute multi-level strategies on different blockchains, including hedging and lending, with higher profitability.
By creating strategies and automating cross-chain farming, this protocol will allow users to safely gain substantial APY while saving time. On top of that, the protocol is already in motion to create its asset insurance fund and integrate external insurance organizations. Therefore, the general public is encouraged to subscribe to the social networks of Leech Protocol to follow its development more closely.

Leech Protocol is unique in its strategies and clear in its roadmap. The cross-chain yield protocol is on track to offer safe farming in a way that will beat the imagination of yield farmers. It will not only ensure

How Leech Protocol Manages Security Issues: Security Deep Dive

Outside of regulatory issues, the biggest risk facing DeFi at the moment is smart contract risk, or security risk. When real value is involved, users need to have complete confidence in a protocol’s security to deposit money into it. As one of the premier cross-chain yield aggregator services, Leech Protocol takes security very seriously, and here we will examine the measures the team has taken to ensure the safety of funds in the protocol.

First, we analyzed 59 separate smart contract hacks. The team then documented the security vulnerability that resulted in each hack, so we could ensure Leech Protocol would not be defenseless against any of those attack vectors. These vulnerabilities can be divided into four groups:

For each of these groups, we established various security measures.

The loss of a user’s private keys

Any private keys stored on our server are encrypted with several layers of protection; no one is able to access them. Additionally, all funds are stored in liquidity pools, which each have their own deposit and withdrawal address that is hashed for added security.

Financial manipulation with flash loans

The architecture of Leech Protocol and its heavy use of liquid stablecoins severely limit the opportunities for flash loan manipulation. Additionally, when adding new tokens to the protocol, there will be a slight delay in the accrual of rewards, preventing manipulation of the protocol using flash loans.

Flaws in the smart contract code

Because using Leech Protocol involves interacting with smart contracts, we have established good security measures around them. Every transaction is manually checked before being approved, and users’ deposits and withdrawals are validated through our backend server. Reward accruals occur only once in a given period using an algorithm. This does not depend on the user, and prevents flash loan manipulation, as previously mentioned.
Even if a hacker exploits a smart contract, they will not be able to steal users’ funds, as funds are stored at the addresses of a particular pool, not in the smart contract.

Human error

We have removed the possibility for human error by ensuring that team members do not have access to the protocol keys. As previously stated, all keys are fully encrypted on our server and not accessible by anyone.

Considering all of this, we are very confident in the security of Leech Protocol. We want to impress upon our community just how focused we are on our security since real value is involved, and how much attention we have given to it.