👾 APY.Finance Weekly Update (5/23 - 5/29) 👾

📈 Alpha Release Progress
Oracles & Pricing
- [60% Complete] Chainlink Monitoring
- [85% Complete] Oracle Emergency Systems
Portfolio Management
- [50% Complete] Gnosis Safe
- [40% Complete] Administration & Governance Tools
Security
- [90% Complete] Security Audit
- [30% Complete] Security Updates
User Interface
- [50% Complete] UX Testing
- [45% Complete] UX Updates

🏷 Oracles & Pricing

Our engineers are currently implementing our oracle adapter and emergency failsafe. This fallback adapter will use a similar design that Aave uses to ensure our platform is protected against rare, yet dire, instances of a complete oracle failure, and allow a graceful fallback.

📂 Portfolio Management

This week, we’ve fully integrated Gnosis Safe which will securely batch strategy executions. Further, we’ve created the scope of work for future Gnosis Safe automation and monitoring. Transitioning to a more automated monitoring solution will require less manual maintenance and open the doors for a more nimble platform with greater levels of decentralization.

🔐 Security

We are currently anticipating the first draft of our security audit from Halborn. This security audit is a crucial step toward locking off platform security, a prerequisite to the upcoming Alpha launch.

Further, the recent market fallout and grievous hack on Pancake Bunny has led our engineers to observe in real-time how different oracles on other projects handle the effects of market conditions such as network congestion, and slowly updating price feeds, which have proven they may create the opportunity for financial exploits such as flash-loan and front-running attacks.

While we’ve proactively been building a fundamentally secure system that is protected against these vulnerabilities, our engineers continue to evaluate case studies, and analyze these market conditions to consider the effects the recent market fallout has had on DeFi projects and oracle infrastructures. We’ve also investigated how our own oracle, Chainlink, handled these market conditions, and we’ve confidently secured our own platform against financial exploits at the whim of oracle failures.

🌐 User Interface

Our front-end engineers have completed templating of the components we’ve updated based on feedback from UX testers. We’ve spent the rest of the week updating the functionality of newly displayed metrics on our updated layout, such as projections on investor’s rewards per day, percentage of market share, and portfolio growth.

This will ensure all of the information you need to know about your portfolio is just a single click away, saving you valuable time, and displayed in a manner that users of all skill levels will be able to understand and utilize effectively.

👾 APY.Finance Weekly Update 5/30 - 6/5 👾

📈 Alpha Release Progress
Oracles & Pricing
[60%Complete] Chainlink Monitoring
[90%Complete] Oracle Emergency Systems
Portfolio Management
[50% Complete] Gnosis Safe
[40% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[40% Complete] Security Updates
User Interface
[50% Complete] UX Testing
[60% Complete] UX Updates

🔗 Revamped Landing Page
We’re excited to announce the release of our new APY.Finance landing page intended to clearly communicate our value propositions to new users, and easily onboard them once the Alpha build is live. Take a look at the new landing page here: https://apy.finance/

🏷 Oracles & Pricing
This week, our smart contract engineers have completed developing our oracle adapter and emergency failsafe. This failsafe will protect our system in the case of extreme oracle failures, and mitigate financial exploits as a result of these oracle failures, a threat demonstrated by recent hacks and financial exploits of other DeFi projects. We’ve begun testing and integration of this oracle adapter, and anticipate its completion by the end of next week.

📂 Portfolio Management
Our team is currently developing deployment noscripts that will handle the latest changes around the Liquidity Provider Safe, and the aforementioned oracle adapter. These changes are critical in preparing the system for mainnet testing which will begin next week.

🔐 Security
We’ve received and have begun to review the initial first draft of Halborn’s security audit of our platform. This marks a major milestone toward the upcoming release of our Alpha build. Following this security audit draft, we will proceed with mainnet testing as we continue to collaborate with Halborn on the security audit.

🌐 User Interface
This week, our front-end engineers have integrated the new pages and forms that have been recently developed as a result of feedback received from UX testers to make the system more intuitive and comprehensive. We’ve also verified that staking and liquidity mining claims are now properly integrated and fully functional with the updated front-end.

These UI changes won’t be reflected on the current APY.Finance staking dashboard, but will be released along with the entirety of the Alpha build. We’re excited to share some of the progress we’ve made on the revamped user interface, you can expect to see some screenshots of the upcoming build in next week’s update.

Tune into the DeFi Summit tomorrow morning, 9:15am PST as our CEO Will Shahda speaks on a DeFi Summit panel on economic hacks and security.

👉 https://www.youtube.com/watch?v=V3b3aoKEnEA

👾 APY.Finance Weekly Update 6/6 - 6/12 👾

📈 Alpha Release Progress
Oracles & Pricing
[60% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[55% Complete] Gnosis Safe
[45% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[45% Complete] Security Updates
User Interface
[50% Complete] UX Testing
[75% Complete] UX Updates

🏷 Oracles & Pricing
This week, our engineers have fully integrated our Oracle Emergency System that will mitigate potential financial exploits and security risks caused by oracle failures.

📂 Portfolio Management
Our engineers have completed deployment noscripts that will handle the latest changes around the introduction of our liquidity provider safe and oracle adapters. Both functions are set up in preparation of mainnet testing that will begin this week; a paramount precursor in ensuring the Alpha build is finalized and launch-ready.

🔐 Security
While reviewing the security audit draft with our auditors, Halborn, our team has prepared a security measures document which outlines the function of each subsection of our system, and defines the security measures we’ve set in place to proactively safeguard each against hacks and exploits. Read the in-depth security measures document here.

Here's an overview of our system architecture:

Further, the CEO of APY.Finance, Will Shahda, recently spoke on a DeFi Summit panel discussing the nuances of DeFi Economic Hacks and Security within a developing project. Watch a VoD of the panel here.

🌐 User Interface
Finally, over the past couple of weeks, our front-end engineers have updated our dashboard as a result of feedback from the first round of UX testing, with another round of testing to follow soon. Some notable changes include growth and reward projections that are dynamically calculated and displayed when users enter amounts on our forms, more metrics for users' staked positions, yield breakdowns on deployed strategies, and a new TVL chart that can display historical values at different time ranges

Here’s a preview of the updated dashboard and changes we’ve made:

Main portfolio dashboard. We’ve added projected growth and rewards per day metrics that are dynamically calculated based on user input. These changes help users analyze their options before depositing stablecoins.

Liquidity providing and staking. Users are now able to see the total value of staked pool tokens as well as their share and daily reward distribution.

Deployed strategies and rewards earned.

Strategy yield breakdown. We’ve simplified this by combining strategy percentage bars into one bar to more clearly display yield breakdown.

TVL Chart is more clearly displayed and has available historical data for custom time ranges.

👾 APY.Finance Weekly Update 6/13 - 6/19 👾

📈 Alpha Release Progress
Oracles & Pricing
[60% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[55% Complete] Gnosis Safe
[45% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[45% Complete] Security Updates
User Interface
[55% Complete] UX Testing
[75% Complete] UX Updates

🔐 Security & 📂 Portfolio Management
This week, our project has reached a significant milestone as we have officially begun mainnet testing. Our developers have deployed contracts to mainnet as we initially utilize company funds as a test-source, so as not to risk user’s liquidity until we can ensure confidence of successful testing. Once testing is complete, we’ll connect existing liquidity pools to deploy all pooled capital using the currently implemented contracts for the Alpha build.

🏷 Oracles & Pricing
Mainnet testing begun this week will allow us to evaluate Chainlink Monitoring and its level of completion, evaluating if it is Alpha-ready. If we determine Chainlink Monitoring developments required for Alpha are complete, we can officially tie off our efforts on Oracles & Pricing as our team shifts their focus toward other necessary avenues of development.

🌐 User Interface
This week, our front-end engineers complete integration of newly developed features as we prepare for yet another cycle of UX testing, feedback analysis, and development.

Finally, metric calculations for staking and unstaking forms that display a user's share of staked TVL have been completed. Further, we’ve updated the method of which our system stores strategies internally to account for all tokens that are being farmed for each strategy.

👾 APY.Finance Weekly Update 6/20 - 6/26 👾

📈 Alpha Release Progress
Oracles & Pricing
[65% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[60% Complete] Gnosis Safe
[50% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[50% Complete] Security Updates
User Interface
[60% Complete] UX Testing
[80% Complete] UX Updates

🔐 Security
We have continued to collaborate with Halborn on an extremely thorough and in-depth economic audit to evaluate and update security and economic risks. Halborn will soon begin working on a standard smart contract audit in parallel which will be more aligned with audits typically seen within DeFi, and will have a much quicker turnaround.

Further, we’ve been keeping an eye on the fallout of recent hacks and software failures of other projects such as Alchemix and Iron Finance, which have resulted in loss of funds. By thinking about the next phase of DeFi while simultaneously measuring the pulse of DeFi projects today, our team has proactively engineered a system that can mitigate similar financial risks.

📂 Portfolio Management
Mainnet testing began on June 17th and is ongoing. In the coming weeks, we will initiate our first wave of governance votes where token holders within the community can vote on system changes and strategy proposals. This marks a key milestone in decentralizing control of the APY.Finance platform, shifting management away from the internal APY.Finance team to $APY token holders and the greater community.

🏷 Oracles & Pricing
We’ve resolved an implementation issue of a node used through Chainlink which temporarily prevented forked testing locally, a necessary precursor to testing on live mainnet. Testing on a forked local server before deploying to live mainnet allows us to ensure the system is running properly when testing new positions. This has allowed us to continue mainnet testing with company treasury funds before connecting existing liquidity pools and deploying all pooled capital.

🌐 User Interface
Our front-end team has spent this week resuming UX testing, and implementing quality of life improvements to the front-end dashboard. These changes include creating a more seamless transaction flow that will emulate the live build for UX testers, as well as minor usability improvements such as automatically selecting the stablecoin with the largest balance by default, and improving user guidance around staking.

Further, we’ve kicked off another round of UX testing and have begun analyzing feedback and update priorities based on testing. One suggestion given by a UX tester encouraged our team to to more clearly display labels of different token balances, and create an even more seamless transaction flow that will guide both new and experienced users through the staking process, step-by-step, in an effort to become the most intuitive and user-friendly yield farming platform on the market.

👾 APY.Finance Weekly Update 6/27 - 7/3 👾

📈 Alpha Release Progress
Oracles & Pricing
[70% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[65% Complete] Gnosis Safe
[55% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[50% Complete] Security Updates
User Interface
[60% Complete] UX Testing
[85% Complete] UX Updates

🔐 Security
This week we made significant progress on a standard smart contract audit with Halborn. This added, but important component of our security analysis is happening in parallel with our ongoing financial audit. Revisions to our oracle implementation are progressing as well, and Halborn has worked to incorporate these changes into revisions within the financial audit.

With these changes, this financial audit, in combination with the standard smart contract audit, will provide a more comprehensive and thorough than audit from others in Defi, setting a new standard that aligns with the increased focus and security needed to safely and securely perform on chain transactions.

📂 Portfolio Management
Our engineers have set up a forked staging environment allowing us to battle-test the system infrastructure in real-time before deploying to the live mainnet build.

To support ongoing governance, we've decided on a Snapshot space to manage strategy proposals. Using Snapshot, proposals will be hosted, and token holders will be able to vote, a paramount precursor to launching our fully decentralized governance platform.

🌐 User Interface
Our front-end team has continued to simplify and increase guidance surrounding our staking platform. We’ve included more indicators and labels which will help guide users through the system with a streamlined experience.

We’ve also updated and integrated our APY core package including updates to how our oracle downtime security measures are displayed. As a result, we can now prevent user transactions during periods of oracle downtime. Ensuring that transactions are only enabled during periods of oracle uptime allows us to ensure consistently accurate and updated oracle values so as to prevent potential financial exploits.

👾APY.Finance Weekly Update (7/4 - 7/10) 👾

📈 Progress Remaining for Alpha
Oracles & Pricing
[75% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[70% Complete] Gnosis Safe
[60% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[55% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates

🏷 Oracles & Pricing
We’ve engaged in a test run on our staging environment before we deploy more significant funds from the company treasury for a larger scale mainnet test. In this test run, we’ve tested the process of pulling funds to and from the LP safe and pools. We’ve also tested deploying and withdrawing from farms, and ensuring pulled Chainlink values are consistently accurate and used appropriately.

Successful testing demonstrates that the precursors to Alpha launch are falling into place after months of rigorous development.

📂 Portfolio Management
We’ve added a new form on our landing page where users can suggest additional farms to potentially integrate with APY.Finance. Whether you’re a user, or a dedicated team member, we’d love to hear from you. Suggest new farms here.

🔐 Security
Our team is currently reviewing Halborn’s next draft of our ongoing financial audit. Our current focus is ensuring that the platform’s management system is air-tight and secure by using appropriate role based permissions with appropriate policies set in place for each. Defining key processes for interacting with the platform ensures that we are managing the platform securely, and that a black swan event, such as a compromised admin key, wouldn't lead to a hostile system takeover.

🌐 User Interface
Our front-end team has successfully implemented all updates given the feedback from our last round of UX testing. We are currently integrating additional farms, specifically AAVE’s stablecoin lending pools. We are also updating the UX surrounding user deposits, which includes a new display banner that indicates when users are actively participating in our yield farming strategies. This serves as a simple reminder to users that following their stablecoin deposit, no other steps are needed on their end.

Our goal in sight is to keep the system as simple for users of all skill levels as possible. Whether you’re an experienced Defi veteran, or APY.Finance is your first yield farming platform, we aim to ensure users will be capable of making informed decisions throughout the platform.

👾APY.Finance Weekly Update (7/11 - 7/17) 👾

📈 Progress Remaining for Alpha
Oracles & Pricing
[80% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[75% Complete] Gnosis Safe
[65% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[60% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates

🔐 Security
Our team is currently reviewing the financial audit Halborn has provided us, which has led us to improve the segregation of roles and responsibilities of contracts, resulting in increased operational security and a lowered possibility of operational error.

Further, a standard smart contract audit being conducted by Halborn is now underway. This standard audit will be akin to smart contract audits typically seen within Defi, and is being completed in parallel with a more comprehensive and financial audit. This audit will be available for viewing within the coming weeks, and marks a pivotal moment for the release of the forthcoming Alpha.

📂 Portfolio Management
Our team has spent this week evaluating methods to streamline platform operation. We’re implementing a management dashboard which allows us to make changes, test the system, and view the platform’s general state on the fly. A simplified system monitoring solution allows our team to respond to potential issues quicker, and frees up bandwidth for our engineers, which they can use on building new features instead of system maintenance.

Further, our team has created a Snapshot governance page where votes on proposals will be hosted, and token holders in the community will be able to vote. Stay tuned for hosted governance votes.

🌐 User Interface
This week, our front-end team has begun upgrading the UI error feedback system, which will display error messages and alerts to the end user, such as API, or data fetching errors. This will assist users in getting appropriate support, should they require additional assistance from our support team.

Finally, our team has performed various end-to-end integration tests from Gnosis Safe to verify deployed values and APYs are being properly displayed on the platform dashboard. Testing has demonstrated success, and pulled values were consistently displayed accurately. We’ve also conducted various code clean-up and refactors, which have reduced rerenders, ultimately reducing load times and speeding up the system for users.

👾APY.Finance Weekly Update (7/18 - 7/24) 👾

📈 Progress Remaining for Alpha
Oracles & Pricing
[85% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[75% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[65% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates

🔐 Security
Our standard smart contract audit is currently being finalized, and is expected to be delivered by our auditing firm Halborn for internal review by the end of next week.

Our team has also mapped out the implementation of improving the segregation, and roles and responsibilities of contracts to lower the possibility of operational error while managing the platform. We will assign various roles and responsibilities to different contracts, with required access permissions pending the strength and impact of each contract. This reduces operational complexity and limits the possibility of operational error and potentially harmful security breaches, as more powerful contracts will require additional control and changes from multiple parties, while more lightweight, day-to-day contracts that are less impactful will require fewer handlers to change.

📂 Platform Management
These security updates also assist in streamlining platform management by simplifying and creating a more hands-off platform management experience. This reduces the possibility of operational error, increases platform security in the case of a security breach, and reduces necessary manual oversight, freeing our engineer’s bandwidth to work on platform updates instead of active platform management.

In addition, the team has evaluated a further extension to our asset allocation registry system which will further reduce operational risks when adding new farms to the platform.

🏷 Oracles & Pricing
Our security efforts this week also led us to rework the multiple contexts in which the system would lock or unlock the oracle feed, and assign different roles to each of these contexts.

🌐 User Interface
Our front-end team has implemented, and continues to develop our UI feedback system which displays relevant error messages to users, and gives our support team the necessary information to solve user’s errors.

👾APY.Finance Weekly Update (7/25 - 7/31) 👾


📈 Progress Remaining for Alpha
Oracles & Pricing
[85% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[70% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates

🚀 DeFi Security Fundamentals
Our team continues to monitor and evaluate the state of other projects within DeFi, including hacks and exploits, which assists in covering avenues of potential risks while developing our own security updates. As the industry grows, and becomes more targeted, it will only become more important to mitigate these threats. As a platform designed for the long-haul, and for ease of use, these pre-launch security efforts are fundamental in ensuring users can use APY.Finance with confidence for years to come.

For example, the recent hack on Popsicle.finance shows us that as advanced as DeFi has become, it’s important not to overlook the nuances of long-standing token standards such as ERC-20.

Our team analyzed the attack and contracts involved. We discovered the Sorbetto contract has a similar flow for calculating fees as the widely used Unipool contract. A modifier is used to store updated fee amounts for accounts based on their balance of LP tokens. However, a key difference, which the attackers were able to exploit, was that the Sorbetto contract allows the balance of LP tokens to be transferred. The Unipool contract, on the other hand, locks LP tokens so they cannot be transferred.

When the LP tokens were transferred, the fees were never recalculated, effectively breaking ERC-20 fungibility. In layman’s terms, one LP token was not always interchangeable with another. The attackers exploited this to withdraw large portions of the pool in fees.

In short, security is of utmost priority for APY.Finance, and we appreciate your continued support as we head into the final stages of Alpha development.

🔐Security Updates
Our standard smart contract audit has been received and is currently under review while our team continues to evaluate security measures with our auditors, Halborn.

Further, our engineers have completed the implementation and testing of developed access controls needed for the segregation of roles and responsibilities of contracts. By creating more granular access controls and explicitly defining the segregation of duties of contracts, we’ve reduced operational complexity and lowered the ceiling of potential operational error. These changes are necessary for creating a more secure and hands-off platform management system. We’ve also begun the implementation of other security remediations, such as proper asset allocations and a protocol whitelist.

📂Platform Management
Our team is currently scoping out the way we fund liquidity provisions in an attempt to automate this function by giving it less power, and less access to the platform. This will allow the function to be more lightweight and nimble, and controlled by a less restrictive multisig.

🌐 User Interface
Our front-end team has completed implementing the state management and event handling functionality of the UI feedback system. This involved building out the template for the pop-up component (also known as "toast" notifications), as well as the context component which serves as the app's interface for retrieving and updating the data for the pop-up list. These pop-ups will display relevant error messages and other pivotal information to users regarding any issues they may encounter.

Finally, we'll be wrapping up the integration of this feedback system by ensuring that notifications are being triggered for the various cases such as unsupported networks, disconnected wallet, app maintenance, third-party API failures, and etc. ensuring all of our bases are covered.