Hi Guys,
Please find my reapplication as risk facilitator.
Process weaknesses are a huge risk (if not the biggest) in today’s DeFi. Just look at a recent rekt: “The exploit was due to a private key compromise of the Ankr deployer address on BSC, potentially the result of a phishing campaign.” And even the rekt article misses the point. It does not discuss how the keys were compromised, or why there was no timelock. It does not touch key and wallet management. These are preventable errors. Solid, boring written processes can fix this.
How would you mitigate a stolen deployer key? Maybe add an alert upon execution and a timelock, then a process so that if the alert goes off, the team knows what to do.
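As an added illustration of the timelock-plus-alert mitigation described above (example code written for this page, not a Gro or DeFiSafety contract), the sketch below shows the minimum a privileged action path needs: every admin action is queued, becomes executable only after a fixed delay, emits an event the moment it is queued (the hook an off-chain monitor alerts on), and can be cancelled by a separate guardian key during the delay window. The contract name, the 48-hour `MIN_DELAY`, and the `guardian` role are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Minimal timelock in front of a privileged (deployer/admin) key.
/// Illustrative example only; delay, roles and names are assumed here.
contract MinimalTimelock {
    // Assumed delay: long enough for an alert to reach the team and for
    // the written response plan to be carried out before execution.
    uint256 public constant MIN_DELAY = 48 hours;

    address public admin;    // key that queues and executes actions
    address public guardian; // separate key that can ONLY cancel

    // action id => earliest execution timestamp (0 = not queued)
    mapping(bytes32 => uint256) public readyAt;

    // Queued is the alert hook: a monitor watching this event sees a
    // compromised admin key the moment it tries to do anything.
    event Queued(bytes32 indexed id, address indexed target, uint256 value, bytes data, uint256 readyAt);
    event Executed(bytes32 indexed id, address indexed target);
    event Cancelled(bytes32 indexed id, address indexed by);

    constructor(address _admin, address _guardian) {
        require(_admin != _guardian, "roles must be separate keys");
        admin = _admin;
        guardian = _guardian;
    }

    /// Deterministic id so the same call can be queued, cancelled or executed by anyone holding its parameters.
    function hashAction(address target, uint256 value, bytes calldata data, bytes32 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(target, value, data, salt));
    }

    /// Step 1: the admin key announces the action. Nothing happens on-chain yet.
    function queue(address target, uint256 value, bytes calldata data, bytes32 salt)
        external returns (bytes32 id)
    {
        require(msg.sender == admin, "not admin");
        id = hashAction(target, value, data, salt);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + MIN_DELAY;
        emit Queued(id, target, value, data, readyAt[id]);
    }

    /// Step 2: only after the delay has elapsed can the action actually run.
    function execute(address target, uint256 value, bytes calldata data, bytes32 salt) external {
        require(msg.sender == admin, "not admin");
        bytes32 id = hashAction(target, value, data, salt);
        uint256 t = readyAt[id];
        require(t != 0, "not queued");
        require(block.timestamp >= t, "timelock active");
        delete readyAt[id]; // clear before the external call (checks-effects-interactions)
        (bool ok, ) = target.call{value: value}(data);
        require(ok, "call failed");
        emit Executed(id, target);
    }

    /// Response path: if the alert fires and the team did not queue this, the guardian cancels it.
    function cancel(bytes32 id) external {
        require(msg.sender == admin || msg.sender == guardian, "not authorised");
        require(readyAt[id] != 0, "not queued");
        delete readyAt[id];
        emit Cancelled(id, msg.sender);
    }

    receive() external payable {}
}
```

The point of the design is that a stolen admin key alone can no longer cause immediate loss: the attacker must first emit `Queued`, which is the alert, and then wait out `MIN_DELAY`, during which a guardian key held by a different person follows the written response plan and calls `cancel`. What the monitor does with the event, who holds the guardian key, and how the team decides whether a queued action is legitimate are exactly the process questions the proposal says need to be written down.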
This is the first part of the value I bring. The second part is having a risk process that investors can respect. This will put GRO above other protocols.
Budget breakdown (six months): $60,000, 1 facilitator:
60,000 USDC over 6 months plus 80,000 GRO tokens (vested)
This accounts for a minimum of 16 hours per week or 40% of my time
My time:
The allocated time spent will be a minimum and priority will be put on any specific risk tasks the other pods may request. The remainder of my time will be spent as president of DeFiSafety. This means 100% of my time is spent on DeFi risk and security. Everything I learn will be brought into Gro. If Gro has an intense period risk wise, I will spend whatever time needed.
Tasks:
When I am not on specific protocol tasks, I will be developing written strategies for all of the risk types listed below. For each risk there would be mitigations, alerts and a written response plan. Much of the time generating these will NOT be paid by GRO, as the generic docs are for DeFiSafety. We continually update risks (such as the incompatible token bug I recently added).
Within six months, I expect GRO to have a documented risk framework that would make any DeFi fund confident that GRO’s security is unparalleled.
- Key Treasury Risk
  - Keys stolen
  - Token price plunges
  - Internal bad actor damages protocol
- Pool
  - External bad actor drains pool
  - Undercollateralization
  - Incompatible token incorporated into protocol
  - Bad coefficient updates
- Financial Operation Risk
  - Rapid loss of value of asset(s)
  - Bad tokenomics causes problem
  - Stablecoin depeg
- Software Operation Risk
  - Loss of funds via hack
  - Website script injection (hijack website code)
  - Website impersonation (DNS)
  - Scams to fake websites
  - Fake Google ads
  - Bad strategy deployment
- Governance Risk
  - Automated governance hack (à la Beanstalk)
  - Have you considered voting distribution (one dude getting control)
  - VC takeover of DAO
- Regulatory Risk
  - A government makes the use of a country's population
  - Is it a security
- Environment Risks
  - Blockchain Risks
    - Blockchain loses faith, users run
  - Bridge Risks
- Software Development Risk
  - Flaw created by a changed contract
  - Bad algorithmic validation during development
  - Stolen deployer key
My background is in avionics (aviation software). In aerospace, procedures are defined, updated, rigorously followed and then continuously improved. This culture of continuous improvement and solid documentation is what I aim to bring to GRO.