Audit timeframe for contracts

Any news / time frame on how long it takes until the smart contracts are audited?

Smart contract audits are expensive and take a bit of time.

As far as I know, ZZZ is based on YFI. Not too much change to it.

They said something similar about yam and then they fucked up. There are plenty of projects that had issues even though they claim to be simple copies of another smart contract.

An audit should be one of the major community concerns at the moment, because a lot of investors will only bite if a project is fully audited. It would also give the less tech-savvy investors and the current investors more trust in the project.

Hacken, for example, is an audit service that is relatively cheap while offering a very high quality standard.

And I am pretty sure this could be done in a community effort via tipping.

Yeah, I’m friends with the CEO of Hacken, Quantstamp, and Cyber Unit.

This is really a matter of cost.

We can get it at an affordable price.

Sounds great. Would be happy to give some of my zzzs in order to get this going…

Smart contracts are important.

So are the other security considerations, such as the website and other attack vectors.

I think @Andre will have a better idea when it will be needed.

And we can ask the community to contribute together.

I disagree.
A smart contract audit is way more important than a website audit.

I agree with Andy, the other attack vectors are just as important.

If the smart contract is exploited, investor funds and, even worse, the whole project are at risk.
If the website is hacked, so what?

(Sadly cannot answer directly, because I reached post limit to answer. Moderators please increase!!!)
@Aaronjames Your example would still not risk the whole project. If a smart contract exploit is used however, the project pretty much would be dead. And after the YAM disaster people are more careful about hopping on unaudited DeFi projects.

See this from an investor standpoint.
Audit = more moon.

(@andydrewie Please increase the reply numbers of new members!!!)
This is not how those things work. An official audit is an official audit.

Example: There are a couple of AMPL clones that simply do not work when copied, because most of those forgot about the simple fact that the Uniswap pool needs to be called on every rebase via resync().

If this is not done, the pool can be drained with a flash loan attack. (Which, btw, happened with a couple of unofficial AMPL pools and AMPL clones.)

“Saving some money” is always a bad idea in DeFi. Do only let your friend check the code if he cannot officially write a certificated audit. Otherwise it is a waste of time.

They could hack the website to change the contract URL so people stake to the wrong contract? Just one thing I can think of quickly.

I have yet to compare the smart contract of ZZZ and YFI.

Can you save us some money and check which lines of code are different?

I’ll grab my friend, who’s an auditor, to check if there’s anything we need to worry about.

@Andre kindly take note.

Weird, I increased user replies to 200 per user. Not sure what's going on, let me explore more.

Well, that's why I'm advocating forking existing pre-audited contracts. Inflationary and deflationary mechanisms such as rebases will of course be audited, but for yield farming pool contracts they will still use the audited contracts being used by YFI/YFII/YFLink etc.

Picking the right forks is all that matters right now.

This did not age well.


Any progress on this stuff? I want to ensure a secure space in order to continue investing more.

+1. I think figuring this out is important. Certified audits would give larger investors security. IMO it would add value to the project entirely and attract more people.


After what happened last night, we need a full-on audit.

