Security

Differences between KuSwap and Velodrome

  • Use trading fees as external bribes. In contrast to Velodrome, KuSwap takes the trading fees of liquidity pools with gauges and sends them as external bribes for that respective pool. KCS and KUS trading fees directly bribe upcoming voters to direct their votes to the KUS:KCS pool. KuSwap believes this creates a much better voting experience, as voters can clearly see what they will get rather than waiting to see what trading fees they happen to accumulate in the week following their vote.

  • Trading fees without gauges. With pairs that don't have a gauge, or have a gauge that was "killed", the trading fees are sent to the tank.

Differences from Solidly and Velodrome (inherited by KuSwap)

Major changes

  • One vote per epoch. In KuSwap, voters are only allowed to make "active" voting decisions (i.e. vote and reset) once per epoch. Voters must wait until the next epoch to change their votes. Voters can, however, cast their votes throughout the epoch.

  • Killable gauges. To dissuade emissions exploitation via dummy gauges, we're allowing the KuSwap Council to kill any "bad" gauges. The Council is composed of individuals meant to serve as a credibly neutral decision-maker for the broader ecosystem.
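
The once-per-epoch rule, Council-only gauge killing, and the fee routing described earlier can be modelled in a few lines. This is an added illustration, not KuSwap's contract code; the 7-day epoch length and every name in it (VoterModel, fee_destination, and so on) are assumptions.

```python
WEEK = 7 * 24 * 3600  # assumed epoch length; the page only says "epoch"
def epoch_start(ts):
    return ts // WEEK * WEEK  # timestamp at which ts's epoch began

class VoterModel:
    """Hypothetical model of the rules above; not the deployed contract."""
    def __init__(self, council):
        self.council = council
        self.last_active = {}  # veNFT id -> time of last vote/reset
        self.votes = {}        # veNFT id -> pool voted for
        self.gauges = {}       # pool -> True (alive) / False (killed)

    def kill_gauge(self, caller, pool):
        if caller != self.council:
            raise PermissionError("only the Council may kill a gauge")
        self.gauges[pool] = False

    def _spend_epoch_action(self, token_id, now):
        # Allowed only if the current epoch began after the last vote/reset.
        if epoch_start(now) <= self.last_active.get(token_id, -1):
            raise RuntimeError("already voted or reset this epoch")
        self.last_active[token_id] = now

    def vote(self, token_id, pool, now):
        self._spend_epoch_action(token_id, now)
        self.votes[token_id] = pool

    def reset(self, token_id, now):
        self._spend_epoch_action(token_id, now)
        self.votes.pop(token_id, None)

    def fee_destination(self, pool):
        # Fees bribe the pool's voters only while its gauge is alive.
        return f"external_bribe:{pool}" if self.gauges.get(pool) else "tank"

def demo():
    v = VoterModel("council")
    v.gauges["KUS:KCS"] = True       # gauge created and alive
    t0 = 100 * WEEK + 3 * 24 * 3600  # constructed mid-epoch timestamp
    v.vote(1, "KUS:KCS", t0)
    try:
        v.reset(1, t0 + 3600)        # second active decision, same epoch
        second = "allowed"
    except RuntimeError:
        second = "rejected"
    v.reset(1, epoch_start(t0) + WEEK)  # first second of the next epoch
    live = v.fee_destination("KUS:KCS")
    v.kill_gauge("council", "KUS:KCS")
    return second, live, v.fee_destination("KUS:KCS"), v.fee_destination("A:B")
```
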

Minor changes

  • Removed the LP boost for voters.

  • Removed negative voting.

Small changes

  • Modifiable fees. Fees on KuSwap are 0.03% for stable pools and 0.25% for volatile pools.

  • Upgradeable veNFT art.

Security and Audits

As a commitment towards the safety of our users and partners, we want to be transparent about the changes and the status of the security audits of our smart contracts.

v3 Smart Contract Audits

https://github.com/KuSwap/v3/tree/master/audits

KuSwap is a fork of Velocimeter v3, which is a fork of Velodrome Finance, itself adapted from Solidly, whose codebase was open sourced in full by Andre Cronje and his team in March 2022.

Solidly went through a partial security audit (only the AMM part was sent for audit) on January 30, 2022. The audit was done by PeckShield and revealed 5 low-severity findings and 1 informal finding.

The full audit is available for download from the Solidly Git repository or here.

Velodrome went through a security audit and a peer review as part of the Code4rena bug bounty contest.

Velocimeter changes:

  • Removal of internal fees. The fees are now directed as external bribes, so many contracts became redundant, i.e. pairFees.sol, internalBribe.sol

VELODROME Security Procedures

The Code4rena contest results were released on August 8, 2022 and are available here. All high- or medium-risk issues were resolved pre-deploy, except for one known issue (users can claim eligible rewards from ExternalBribe contracts more than once) that's currently being addressed (via a wrapped contract solution). No user funds are at risk from this vulnerability, and protocols that wish to deposit external bribes should get in contact with the core team to discuss alternative solutions.

Reports from the current fork's audit are available here.

Bug Bounty Programs

Velodrome ran a bug bounty contest from the 23rd to the 30th of May 2022 with awards up to $75,000 on Code4rena. The main scope of the contest was to cover all the new changes to the new and the original contracts.

Solidly's bug bounty program was launched in February 2022 on Immunefi.com. There were no claims for any of the $200,000 rewards (on their GitHub).
