🛡️Key Of Life SAFU Practices

"Don't Trust, Verify"

At Key Of Life, we recognise three words to live by: SAFU First. Always. You can craft the most incredible features into your smart contracts, but if you can’t adequately safeguard user funds, your contracts don’t deserve to have users. That’s why safety is the first, last and foremost consideration in every product we release.

This page describes the various practices that Key Of Life's contributors take to ensure that all new products are safe before launch, all ongoing products are properly maintained and observed, and that our response to any security concerns are issues are rapid and safe.

New Farm Requirements

Before a new farm can be vaulted on Key Of Life, the projects involved with the farm have to pass a stringent set of SAFU rules:

  • contracts must have been verified in the block explorer;

  • non-native tokens must be from reputable bridges;

  • liquidity must be sufficient for swapping farm token rewards;

  • rug/migrator functions must be either completely removed sufficiently;

  • farm token holders with >5% circulating supply must not be either externally owned accounts ("EOAs") or multi-sigs; and

New Vault Testing Procedure

Once a farm has been accepted and a vault is being prepared, our strategists will follow a manual testing procedure on every new vault before it can go live on our app. This is to ensure that the vault works as intended and user funds are always SAFU. The sequential procedure is:

  1. deposit a small amount of the asset;

  2. withdraw all;

  3. deposit again, wait 1 minute and check that callReward() is not 0;

  4. harvest the strategy;

  5. panic the strategy;

  6. withdraw 50% while panicked to make sure users can leave;

  7. try to deposit, an error should pop up but don't send the deposit through;

  8. unpause the strategy; and then

  9. deposit the 50% that has previously been withdrawn and harvest again.

Strategy upgrades

Occasionally, Key Of Life strategists will come out with a new innovative strategy, or yield farms change their reward contracts. If that's the case, Key Of Life vaults have the flexibility to adapt to these changes, and have the ability to swap strategies so users don't have to migrate their funds to a new vault: it's done automatically by a strategy upgrade.

The new strategy is deployed with a dummy vault and all of the manual tests outlined above are completed. After passing the checks, the new strategy is assigned to the vault. The vault gets proposed the new strategy through a multi-sig wallet and has to wait until the timelock delay has passed before the vault uses the new strategy.

Panic

Even with all of our precautions, sometimes something can go wrong with the underlying farm or assets in a Key Of Life vault, for which reacting quickly is of great importance. Key Of Life strategies have a keeper that is allowed to panic, which withdraws the staked funds from the farm back to the strategy contract and removes all allowances. This ensures that funds are always available for Key Of Life stakers to withdraw in case of emergency.

Last updated