cLA.Labs x DeFiYield

  • The only security dashboard that combines effective crypto asset management with built-in safety infrastructure that enables users to manage DeFi risk
  • Community governance built with OpenZeppelin’s Governor system, including the GovernorCompatibilityBravo module, which was originally designed by Compound
  • An open access safety toolkit that includes the security audit database, the rekt database, the smart contract scanner, the timelock contract viewer and the advanced impermanent loss calculator.
  1. Track investment opportunities.
  2. Monitor performance metrics including Profit & Loss, Impermanent Loss and Farming Rewards.
  3. Allocate and reallocate funds across different projects and blockchains.
  4. Stay protected with the Approvals Analyzer, which informs you of approvals for malicious Dapps that contain backdoors, infinite minting and other security issues.
  1. Account overview featuring the total balance of the wallet and the total value of funds deposited in vaults — including those in liquidity pools, those being lent out, staked funds and the total debt value.
  2. Value of assets grouped by blockchain network.
  3. DeFi platforms currently in use.
  • Verification — Is the analyzed smart contract code verified by a blockchain explorer, such as Etherscan or BscScan? This reflects whether the contract’s published source matches the bytecode that is on the blockchain.
  • Owner type — Are the smart contracts owned by an EOA, owned by a smart contract or not owned at all? If the owner of a smart contract is an EOA, it can interact with the contract and call a certain set of underlying functions at the EOA’s discretion.
  • Major EOA holders — Are there EOAs holding large shares of a project’s token, such as one private owner having more than 15% of the token’s total supply? This metric doesn’t relate to code security but does indicate that the token can be dumped by the major holder/s at any time.
  • Abandoned — A project is considered abandoned if no transactions were broadcast through the smart contract of its token in the last 30 days.
  • Migration — If migration functionality is present in the token smart contract, user funds may be endangered.
  • Pause — If a smart contract can be paused, users don’t have constant access to their funds handled by it. Therefore, they would not be able to move their funds until a pause ends, during which time the token price may have moved in a negative direction.
  • Minting functionality — If the project token is mintable, tokens might be minted to an EOA in order to perform a scam, or an unlimited token supply could cause its price to crash. The scanning algorithm also indicates who can mint tokens, such as a regular EOA or a smart contract, or whether no minter is set.
  • New — A scanned contract was created less than 7 days ago and has not been battle-tested, which means code vulnerabilities may be revealed in the future.
  • Proxy — As the code of already deployed smart contracts can’t be upgraded, some projects choose proxy contract patterns to ensure they have flexibility to enable changes at a later date. This architecture allows projects to bind newly deployed contracts containing new logic to already deployed smart contracts. This exposes users to risk as malicious code can be introduced with a newly deployed logic contract.
  • Mixers used — A mixer can be used by a dev team to pay for deployment of the project contracts. This trick is often applied by scammy projects, so they become untraceable once a rug pull has been performed.
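
The Pause and Minting functionality checks above can be approximated from deployed bytecode alone. The sketch below is an added example, not DeFiYield's scanner: it walks EVM runtime bytecode opcode by opcode and reports known 4-byte function selectors that appear as PUSH4 operands. The selector table assumes OpenZeppelin-style function signatures, and the sample bytecode is constructed for illustration.

```python
# Added example: selector heuristics over EVM runtime bytecode (not DeFiYield's code).
# 4-byte selectors of common OpenZeppelin-style signatures (assumed naming).
SELECTORS = {
    "8456cb59": ("Pause", "pause()"),
    "3f4ba83a": ("Pause", "unpause()"),
    "5c975abb": ("Pause", "paused()"),
    "40c10f19": ("Minting functionality", "mint(address,uint256)"),
}
PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F


def push4_operands(code: bytes):
    """Yield the operand of every PUSH4, skipping the data of all PUSHn
    instructions so bytes inside constants are never read as opcodes."""
    i = 0
    while i < len(code):
        op = code[i]
        if PUSH1 <= op <= PUSH32:
            size = op - PUSH1 + 1
            if op == PUSH4 and i + 1 + size <= len(code):
                yield code[i + 1:i + 1 + size].hex()
            i += 1 + size
        else:
            i += 1


def scan(runtime_hex: str) -> dict:
    """Map each scanner flag to the matching signatures found in the code."""
    if runtime_hex.startswith("0x"):
        runtime_hex = runtime_hex[2:]
    flags = {}
    for selector in push4_operands(bytes.fromhex(runtime_hex)):
        if selector in SELECTORS:
            flag, signature = SELECTORS[selector]
            flags.setdefault(flag, set()).add(signature)
    return {flag: sorted(sigs) for flag, sigs in flags.items()}


# Constructed sample: a dispatcher fragment that compares the call selector
# against pause() and mint(address,uint256), followed by a PUSH32 constant
# whose data happens to contain the bytes "63 5c975abb" (paused()).
SAMPLE = (
    "60003560e01c"
    "80638456cb591461004057"
    "806340c10f191461005057"
    "7f635c975abb" + "00" * 27
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A plain substring search would also report `paused()` here because its selector bytes sit inside the PUSH32 constant; walking the opcodes avoids that false positive. For a contract behind a proxy, the proxy's own bytecode will not contain these selectors, so the logic contract's bytecode is what has to be scanned.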
Roadmap for 2022
