Security
As a reminder, 0xWhale relies on 3 core modules, as described in the graphics below.
The protocol’s security is paramount to us. We want our users’ funds to be as safe as possible.
In order to achieve that, each module has gone through extensive security checks.
Inventory: This module, which takes care of asset accounting and execution (join pool, exit pool, swap assets), is a fork of the Balancer V2 Vault infrastructure. It therefore inherits its benefits and security guarantees.
Quotation: This module provides the quote at which traders can execute transactions. It is a proprietary offchain module.
It has been stress tested using the AMM simulator, a tool developed by 0xWhale Labs in collaboration with the Louis Bachelier Institute.
Safety on this module is delivered by the Settlement module, whose role is to perform onchain authenticity and performance checks on the quotes provided.
Settlement: Prior to executing a trade, the Settlement module employs on-chain safeguards to revise or reject outdated or underpriced quotes. These include a Max Drawdown Circuit Breaker, Last Look, and Max Imbalance. These safeguards are designed to protect LPs' funds, especially during extreme market conditions such as flash crashes or stablecoin de-peggings.
The core smart contracts of 0xWhale, such as the Vault, the SafeguardPool, and the SafeguardFactory, are designed to be immutable for enhanced security. This means they cannot be upgraded or modified.
However, certain parameters can be controlled by the DAO through a multisig mechanism. This allows the DAO to perform actions like pausing or unpausing the contracts and adjusting certain safeguard parameters. It is crucial to understand that these parameters and actions do not grant the 0xWhale team any access to liquidity providers' deposits, and they do not influence the pricing of the pool. Their main function is to set loss limits and implement safeguards against extreme unforeseen events. Notably, the 0xWhale team has the ability to pause the protocol within the first 9 months following the deployment of its contracts.
By design, 0xWhale pools can be minted in a permissionless way, so anyone can create their own pool. Before providing liquidity to any of them, we advise you to run the following checks to prevent any loss of funds:
Ensure that the pool has been deployed with 0xWhale's Factory.
Check the addresses of the tokens in the pool you are joining and check that they correctly implement the ERC20 standard.
Ensure that the tokens within the pool are all distinct. Pools with the same token twice are not supported by the protocol. For instance, you should not join an ETH / ETH / DAI pool. P.S. In rare cases, different token addresses can point to the same token balance. These tokens are not supported by the 0xWhale pool and must be avoided as well.
Ensure that the right Chainlink oracles are associated with the right tokens (refer to Chainlink's documentation).
The pools that are available on the 0xWhale frontend have all been carefully vetted by the 0xWhale Labs team, so there is no need to run such verifications on them.
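The factory, distinct-token and oracle checks listed above can be scripted once the pool's data has been collected; the following is an added example, not 0xWhale's own code. It assumes you have already gathered the pool's token list and oracle mapping, the set of pools created by the trusted factory, and a reference table of Chainlink feeds copied from Chainlink's documentation; every address in it is a constructed placeholder. ERC20 conformance and tokens sharing one balance need on-chain inspection and are not covered.

```python
import re

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def norm(addr):
    """Lower-case a hex address so checksummed and lower-case spellings compare equal."""
    if not ADDRESS_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def check_pool(pool, factory_pools, expected_feeds):
    """Return a list of findings; an empty list means every check here passed."""
    findings = []
    # Check 1: the pool must be one the trusted factory created.
    if norm(pool["address"]) not in {norm(a) for a in factory_pools}:
        findings.append("pool was not deployed by the trusted factory")
    # Check 2: every token address must appear exactly once.
    tokens = [norm(t) for t in pool["tokens"]]
    for t in sorted({t for t in tokens if tokens.count(t) > 1}):
        findings.append(f"token listed more than once: {t}")
    # Check 3: each token's configured oracle must match the reference feed.
    oracles = {norm(t): norm(f) for t, f in pool["oracles"].items()}
    feeds = {norm(t): norm(f) for t, f in expected_feeds.items()}
    for t in dict.fromkeys(tokens):
        if t not in oracles:
            findings.append(f"no oracle configured for token {t}")
        elif t not in feeds:
            findings.append(f"no reference feed known for token {t}")
        elif oracles[t] != feeds[t]:
            findings.append(f"oracle mismatch for token {t}")
    return findings

# Constructed sample data: none of these are real addresses.
TOKEN_A, TOKEN_B = "0x" + "Aa" * 20, "0x" + "bb" * 20
FEED_A, FEED_B = "0x" + "11" * 20, "0x" + "22" * 20
GOOD_POOL = {"address": "0x" + "cc" * 20, "tokens": [TOKEN_A, TOKEN_B],
             "oracles": {TOKEN_A: FEED_A, TOKEN_B: FEED_B}}
BAD_POOL = {"address": "0x" + "dd" * 20,
            "tokens": [TOKEN_A, TOKEN_A.lower(), TOKEN_B],
            "oracles": {TOKEN_A: FEED_B, TOKEN_B: FEED_B}}
FACTORY_POOLS = ["0x" + "CC" * 20]
EXPECTED_FEEDS = {TOKEN_A: FEED_A, TOKEN_B: FEED_B}

if __name__ == "__main__":
    for name, p in (("good", GOOD_POOL), ("bad", BAD_POOL)):
        print(name, check_pool(p, FACTORY_POOLS, EXPECTED_FEEDS) or "ok")
```

The bad pool is flagged three times: unknown factory, a token repeated under two spellings of the same address, and a token wired to another token's feed.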
Please note that while 0xWhale has undergone extensive security checks and auditing, no system can be completely secure. As with all smart contract-based platforms, there exists an inherent risk when interacting with contracts. Smart contracts are permanent on the blockchain; once deployed, they cannot be altered. This can be advantageous for trust and security, but if there is an error or vulnerability in the code, it might be exploited.
Users should exercise caution and conduct their own research before interacting with 0xWhale or any other DeFi protocols. It is important to have a clear understanding of the smart contract interactions, the associated risks, and to use the platform at your own risk.
0xWhale is not responsible for any losses incurred due to the use or interaction with its smart contracts, and users are encouraged to only invest funds they can afford to lose. It is highly recommended to stay informed and be vigilant of the changing dynamics in the DeFi space.