π Security
As a reminder, Swaap v2 relies on 3 core modules, as described in the graphics below
The protocolβs security is paramount to us. We want our usersβ funds to be as safe as possible.
In order to achieve that, each module has gone through extensive security checks.
Inventory This module, which takes care of the asset accounting and execution (join pool, exit pool, swap assets) is a fork of Balancer V2 Vault infrastructure. It therefore inherits from its benefits and security guarantees.
Balancer v2 has been live for 2 years with up to $1bn in TVL secured. The protocol has been thoughtfully audited by Trail of Bits, Consensys Diligence and OpenZeppelin.
Quotation This module provides the quote at which traders can execute transactions. It is a proprietary offchain module.
It has been stress tested using the AMM simulator, a tool developed by Swaap Labs in collaboration with the Louis Bachelier Institute. For more information about it, refer to this paper.
Safety on this module is delivered by the Settlement module, whose role is to perform onchain authenticity and performance checks on the quotes provided.
Settlement Prior to executing a trade, the Settlement module employs on-chain safeguards to revise or reject outdated or underpriced quotes. These include a Max Drawdown Circuit Breaker, Last Look, and Max Imbalance. These safeguards are designed to protect LPs' funds, especially during extreme market conditions such as flash crashes or stablecoin de-peggings. For more information, please refer to the v2 whitepaper
The settlement module has been carefully audited by two prestigious & independent security firms:
- Chainsecurity
- Quantstamp (available soon)
Recommendationsβ
By design, Swaap pools can be minted in a permissionless way, therefore anyone can create their own pool. Before providing liquidity to any of them, we advise you to run the following checks to prevent any loss of funds:
- Ensure that the pool has been deployed with Swaapβs Factory.
- Check the address of the tokens of the pool you are joining and check that they are correctly implementing ERC20βs standard.
- Ensure that the tokens within the pool are all distinct. Pools with the same token twice are not supported by the protocol. For instance, you should not join an ETH / ETH / DAI pool. P.S. in rare cases, different token addresses can point to the same token balance. These tokens are not supported by the Swaap pool and must be avoided as well.
- Ensure that the right Chainlink oracles are associated with the right tokens (refer to Chainlink's documentation).
The pools that are available on the Swaap frontend have all been carefully vetted by the Swaap Labs team, so there is no need to run such verifications on them.
Disclaimerβ
Users should exercise caution and conduct their own research before interacting with Swaap or any other DeFi protocols. It is important to have a clear understanding of the smart contract interactions, the associated risks, and to use the platform at your own risk.
Swaap is not responsible for any losses incurred due to the use or interaction with its smart contracts, and users are encouraged to only invest funds they can afford to lose. It is highly recommended to stay informed and be vigilant of the changing dynamics in the DeFi space.