Security

When it comes to DeFi, the most important base layer, and one that is often overlooked, is security. Without a bulletproof foundation that has been put through rigorous testing, users are exposed to elevated risk that compromises safety and adoption. At Beets, we treat security as fundamental, and we have invested heavily in any action that bolsters security for our users.

Audits

Beets uses Balancer V2 contracts verbatim, which have completed several full audits.

We have also completed a Beets-specific audit with one of the most highly regarded audit firms in DeFi, Trail of Bits. You can read the full audit here.

Bug Bounties

As a community, Beets has been an active contributor to the Balancer Labs Bug Bounty programme, one of the largest bug bounties in DeFi, valued up to $1,000,000.

On top of the efforts made by Balancer, we have also run our own Bug Bounty initiative up to a maximum value of $500,000. Our protocol uses more than the contracts that are covered by the Balancer program, so it only makes sense for us to further incentivize the security of the platform. For more information, check out this article or visit the bug bounty program.

Contracts

All contracts are immutable and not upgradable.

Balancer V2 uses an authorization mechanism that allows fine-grained access control at the function level. At its core is the Authorizer contract, which manages access to all protected function calls.

Execution roles

All entities that are granted the default admin role can grant and revoke execution roles at the function level. For singleton contracts like the Vault, all roles granted on it are bound to its contract address. So if we deployed another Vault contract, roles granted on the 'old' Vault would not apply to the new one.

For contracts deployed via a factory like the pools, roles are bound to all pools created by the same factory address. So if a role is granted on a StablePool created by the StablePoolFactory contract, then the role applies to all other StablePools created by this factory. It's bound to the StablePoolFactory address.

So if we were to deploy another StablePoolFactory, pools created by it would not share the same access roles.

Currently, all roles are granted only to the Balancer Admin multisig.

Default admin role

The default admin role does not give permission to execute any protected function, but it allows granting or revoking roles to other entities (or to itself).
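The role scoping and default admin behaviour described above, as an added offline model in Python (not Beets or Balancer code). The hash-based role id derivation, the SHA3-256 stand-in hash, the addresses and the function signature are all assumptions made for illustration.

```python
import hashlib

DEFAULT_ADMIN = b"\x00" * 32  # this model's id for the default admin role

def action_id(scope_addr: str, func_sig: str) -> bytes:
    # Assumed derivation: hash(scope address || function selector). SHA3-256 is
    # a stand-in for this offline model, not the contracts' own hash.
    selector = hashlib.sha3_256(func_sig.encode()).digest()[:4]
    scope = bytes.fromhex(scope_addr[2:]).rjust(32, b"\x00")
    return hashlib.sha3_256(scope + selector).digest()

class Authorizer:
    def __init__(self, admin: str):
        self.members = {DEFAULT_ADMIN: {admin}}

    def has_role(self, role: bytes, account: str) -> bool:
        return account in self.members.get(role, set())

    def grant_role(self, role: bytes, account: str, sender: str) -> None:
        # Only a default admin may grant; the admin role itself executes nothing.
        if not self.has_role(DEFAULT_ADMIN, sender):
            raise PermissionError("sender lacks the default admin role")
        self.members.setdefault(role, set()).add(account)

    def can_perform(self, role: bytes, account: str) -> bool:
        return self.has_role(role, account)

# Constructed sample addresses and function signature (all hypothetical).
MULTISIG, OUTSIDER = "0x" + "11" * 20, "0x" + "22" * 20
FACTORY_A, FACTORY_B = "0x" + "aa" * 20, "0x" + "bb" * 20
VAULT_OLD, VAULT_NEW = "0x" + "c1" * 20, "0x" + "c2" * 20
SIG = "protectedCall(uint256)"

def scope_check() -> dict:
    auth = Authorizer(MULTISIG)
    # Every pool from one factory shares the role id scoped to that factory.
    role_a, role_b = action_id(FACTORY_A, SIG), action_id(FACTORY_B, SIG)
    before = auth.can_perform(role_a, MULTISIG)  # admin role alone: no execution
    try:
        auth.grant_role(role_a, OUTSIDER, sender=OUTSIDER)
        outsider_can_grant = True
    except PermissionError:
        outsider_can_grant = False
    auth.grant_role(role_a, MULTISIG, sender=MULTISIG)  # admin grants to itself
    return {"admin_before_grant": before,
            "outsider_can_grant": outsider_can_grant,
            "pools_of_factory_a": auth.can_perform(role_a, MULTISIG),
            "pools_of_factory_b": auth.can_perform(role_b, MULTISIG),
            "vault_roles_shared": action_id(VAULT_OLD, SIG) == action_id(VAULT_NEW, SIG)}
```

When reviewing a deployment, the same questions apply to the live Authorizer: who holds the default admin role, and which scope address each granted role is bound to.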

Last updated on December 17, 2024