Security & Risks

This is the risk that developers (or thieves who steal the development keys) could make changes in the code that would allow them to drain funds. This risk applies both to ACryptoS and to the projects that ACryptoS have created vaults for. The risk mitigation actions described below apply only to mitigating the risk of exploit or malicious dev activity to ACyptoS.

Mitigation:

Removal of migrator function

• The migrator function gives the owner of the Masterchef contract the ability to move all funds to another wallet, and thus steal user funds. This function has been removed from ACryptoS contracts

48-hour timelock

• This means that there is a 48-hour time period between when code changes are published and when they are deployed. Therefore, if a developer wanted to implement malicious code there would be a 48-hour delay before the code is deployed, thus allowing users time to withdraw their funds.

Timelock monitor and community bot to monitor changes

• There is a timelock monitor and Telegram timelock monitor bot so that the community is aware of all upcoming changes and when they will be deployed.

This is the risk that flaws/bugs exist in smart contracts which can lead to a loss of funds either by accident or by malicious exploitation.

As ACryptoS interacts with other projects, there is smart contract risk both in the ACryptoS contracts and in all the contracts which ACryptoS interacts with.

Mitigation:

Audits

ACryptoS has been audited by some of the most respected blockchain/smart contract auditing companies.

No critical, medium or minor findings were raised during the audits. The only findings were informational. The details on the audits can be seen here.

• ACryptoS Dev Team can control all assets in Vaults behind a 48 hour timelock.

• ACryptoS Dev Team can mint ACS token behind a 48 hour timelock.

• ACryptoS Dev Team can mint ACSI token behind a 48 hour timelock.

• ACryptoS Dev Team can control all reward parameters of ACS Farms behind a 6 hour timelock.

• ACryptoS Dev Team can control all reward parameters of ACSI Farms behind a 6 hour timelock.

• ACryptoS Dev Team can control all fee parameters of StableSwap behind a 72 hour timelock. ACryptoS Dev Team can control destination of StableSwap admin fees.

• ACryptoS Dev Team cannot control assets in Farms.

• ACryptoS Dev Team cannot control assets in StableSwap.

The risk of liquidation is a feature of trading with leverage. Liquidation is a mechanism in which market sell orders are created to exit leveraged positions when the margin requirements are not met.

Mitigation:

ACryptoS borrows and supplies the same asset so there is no liquidation risk from price. Our Supply-Borrow Leveraged Vaults rebalance on every deposit, withdrawal and harvest. More info on the strategy here.

ACryptoS has created vaults which make use of selected lending protocols. With DeFi lending protocols there is the risk of insufficient liquidity meaning it may not be possible to withdrawal funds until liquidity increases. Low liquidity generally occurs when there is peak demand for an asset (such as for BNB during launchpad events). This is, in most cases, a temporary issue as the high borrowing costs will incentivize borrowers to repay and thus increase liquidity.

The risk of impermanent loss is present whenever you provide liquidity to a liquidity pool.

What is means is the (impermanent) loss of funds due to one of the assets in the pool being volatile in relation to the other.

This article from Binance Academy provides more details on IL

Mitigation:

To minimize the risk of IL you can choose to yield farm assets which have a high correlation (e.g., stable coin pairs) and avoid volatile pairs.

Note that the risk of IL is offset somewhat by the higher rewards offered for pairs that are more volatile. It is up to you as an investor to decide what strategy you are most comfortable with depending on your risk tolerance.