Comment on page
BEE AI LABS SAFU Practices
At BEE AI LABS, we live by the following three principles: SAFU Primacy. Always. Your smart contracts can have the most amazing features, but if you can't appropriately protect user funds, they don't deserve to have users. Because of this, safety is our top priority while developing any new product.
This page outlines the numerous steps that BEE AI LABS's contributors take to guarantee that all new goods are secure before they are released, that all current products are up to date and adhered to, and that our reaction to any security issues or concerns is quick and secure.
As a requirement for all of our goods, BEE AI LABS have developed a strict SAFU management strategy that keeps an eye on a variety of security factors.
The projects associated with a new farm must pass a strict set of SAFU regulations before it can be launched on BEE AI LABS:
- contracts must have been verified in the block explorer;
- non-native tokens must be from reputable bridges;
- liquidity must be sufficient for swapping farm token rewards;
- rug/migrator functions must be either completely removed or time-locked sufficiently;
- farm token emission rates must have been time-locked (if farm token pairs are being vaulted);
- farm token holders with >5% circulating supply must not be either externally owned accounts ("EOAs") or multi-sigs; and
- all proxy implementation changes (i.e. upgrades to the contracts) must be time-locked.
Our strategists will conduct manual testing on each new vault after it has been prepared and a farm has been approved before it can be made live on our app. In doing so, the vault will function as planned and user funds will always be SAFU. The step-by-step process is:
- 1.Deposit a small amount of the asset;
- 2.Deposit again, wait 1 minute, and check that
callReward()is not 0; - 3.Withdraw 50% while panicked to make sure users can leave;
- 4.Try to deposit, an error should pop up but don't send the deposit through;
- 5.Unpause the strategy
- 6.Deposit the 50% that has previously been withdrawn and harvested again.
Sometimes, BEE AI LABS strategists will release a brand-new, ground-breaking approach, or yield farms will alter their reward contracts. If so, BEE AI LABS vaults have the adaptability to make these changes and can switch strategies, saving customers the trouble of moving their money to a new vault because it is done automatically via a strategy upgrade.
All the manual tests mentioned above are carried out while the new method is implemented using a dummy vault. The new tactic is given to the vault after passing the inspections. The new strategy is offered to the vault through a multi-sig wallet, and the vault must wait for the timelock delay to pass before implementing the new strategy.
The projects and protocols that we develop on top of will inevitably necessitate the use of functionality in their smart contracts that are prone to misuse during the lifetime of our vaults (and for which a timelock was required to implement an BEE AI LABS vault). On the BEE AI LABS Discord, we've set up the #-timelock-monitor channel as a safeguard against the possibility of abuse.
The Timelock Monitor gives all the details required to evaluate the risk and safeguard user cash by presenting the pertinent contract and protocol, the triggered event, the method scheduled to be called, and the timelock's end time. As a public channel, the monitor gives our users free access to this data and insight into how BEE AI LABS's team is managing these risks to help them make decisions.
Even with all of our measures, the underlying farm or the assets in an BEE AI LABS vault can occasionally have problems, in which case acting swiftly is crucial. BEE AI LABS strategies have a keeper that is allowed to panic, which withdraws the staked funds from the farm back to the strategy contract and removes all allowances. This guarantees that BEE AI LABS stakeholders can always withdraw money in case of exigency.
Last modified 9mo ago