Further, the CEO of APY.Finance, Will Shahda, recently spoke on a DeFi Summit panel discussing the nuances of DeFi Economic Hacks and Security within a developing project. Watch a VoD of the panel here.
🌐 User Interface
Finally, over the past couple of weeks, our front-end engineers have updated our dashboard as a result of feedback from the first round of UX testing, with another round of testing to follow soon. Some notable changes include growth and reward projections that are dynamically calculated and displayed when users enter amounts on our forms, more metrics for users' staked positions, yield breakdowns on deployed strategies, and a new TVL chart that can display historical values at different time ranges
Here’s a preview of the updated dashboard and changes we’ve made:
🌐 User Interface
Finally, over the past couple of weeks, our front-end engineers have updated our dashboard as a result of feedback from the first round of UX testing, with another round of testing to follow soon. Some notable changes include growth and reward projections that are dynamically calculated and displayed when users enter amounts on our forms, more metrics for users' staked positions, yield breakdowns on deployed strategies, and a new TVL chart that can display historical values at different time ranges
Here’s a preview of the updated dashboard and changes we’ve made:
1.png
42.8 KB
Main portfolio dashboard. We’ve added projected growth and rewards per day metrics that are dynamically calculated based on user input. These changes help users analyze their options before depositing stablecoins.
Dashboard_Updates_2.png
118.8 KB
Liquidity providing and staking. Users are now able to see the total value of staked pool tokens as well as their share and daily reward distribution.
Dashboard_Updates_3.png
83.2 KB
Deployed strategies and rewards earned.
Dashboard_Updates_4.png
55.9 KB
Strategy yield breakdown. We’ve simplified this by combining strategy percentage bars into one bar to more clearly display yield breakdown.
Dashboard_Updates_5.png
119.6 KB
TVL Chart is more clearly displayed and has available historical data for custom time ranges.
APY.Finance Announcements pinned «👾 APY.Finance Weekly Update 6/6 - 6/12 👾 📈 Alpha Release Progress Oracles & Pricing [60% Complete] Chainlink Monitoring [100% Complete] Oracle Emergency Systems Portfolio Management [55% Complete] Gnosis Safe [45% Complete] Administration & Governance Tools…»
👾 APY.Finance Weekly Update 6/13 - 6/19 👾
📈 Alpha Release Progress
Oracles & Pricing
[60% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[55% Complete] Gnosis Safe
[45% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[45% Complete] Security Updates
User Interface
[55% Complete] UX Testing
[75% Complete] UX Updates
🔐 Security & 📂 Portfolio Management
This week, our project has reached a significant milestone as we have officially begun mainnet testing. Our developers have deployed contracts to mainnet as we initially utilize company funds as a test-source, so as not to risk user’s liquidity until we can ensure confidence of successful testing. Once testing is complete, we’ll connect existing liquidity pools to deploy all pooled capital using the currently implemented contracts for the Alpha build.
🏷 Oracles & Pricing
Mainnet testing begun this week will allow us to evaluate Chainlink Monitoring and its level of completion, evaluating if it is Alpha-ready. If we determine Chainlink Monitoring developments required for Alpha are complete, we can officially tie off our efforts on Oracles & Pricing as our team shifts their focus toward other necessary avenues of development.
🌐 User Interface
This week, our front-end engineers complete integration of newly developed features as we prepare for yet another cycle of UX testing, feedback analysis, and development.
Finally, metric calculations for staking and unstaking forms that display a user's share of staked TVL have been completed. Further, we’ve updated the method of which our system stores strategies internally to account for all tokens that are being farmed for each strategy.
📈 Alpha Release Progress
Oracles & Pricing
[60% Complete] Chainlink Monitoring
[55% Complete] Gnosis Safe
[45% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[45% Complete] Security Updates
User Interface
[55% Complete] UX Testing
[75% Complete] UX Updates
🔐 Security & 📂 Portfolio Management
This week, our project has reached a significant milestone as we have officially begun mainnet testing. Our developers have deployed contracts to mainnet as we initially utilize company funds as a test-source, so as not to risk user’s liquidity until we can ensure confidence of successful testing. Once testing is complete, we’ll connect existing liquidity pools to deploy all pooled capital using the currently implemented contracts for the Alpha build.
🏷 Oracles & Pricing
Mainnet testing begun this week will allow us to evaluate Chainlink Monitoring and its level of completion, evaluating if it is Alpha-ready. If we determine Chainlink Monitoring developments required for Alpha are complete, we can officially tie off our efforts on Oracles & Pricing as our team shifts their focus toward other necessary avenues of development.
🌐 User Interface
This week, our front-end engineers complete integration of newly developed features as we prepare for yet another cycle of UX testing, feedback analysis, and development.
Finally, metric calculations for staking and unstaking forms that display a user's share of staked TVL have been completed. Further, we’ve updated the method of which our system stores strategies internally to account for all tokens that are being farmed for each strategy.
👾 APY.Finance Weekly Update 6/20 - 6/26 👾
📈 Alpha Release Progress
Oracles & Pricing
[65% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[60% Complete] Gnosis Safe
[50% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[50% Complete] Security Updates
User Interface
[60% Complete] UX Testing
[80% Complete] UX Updates
🔐 Security
We have continued to collaborate with Halborn on an extremely thorough and in-depth economic audit to evaluate and update security and economic risks. Halborn will soon begin working on a standard smart contract audit in parallel which will be more aligned with audits typically seen within DeFi, and will have a much quicker turnaround.
Further, we’ve been keeping an eye on the fallout of recent hacks and software failures of other projects such as Alchemix and Iron Finance, which have resulted in loss of funds. By thinking about the next phase of DeFi while simultaneously measuring the pulse of DeFi projects today, our team has proactively engineered a system that can mitigate similar financial risks.
📂 Portfolio Management
Mainnet testing began on June 17th and is ongoing. In the coming weeks, we will initiate our first wave of governance votes where token holders within the community can vote on system changes and strategy proposals. This marks a key milestone in decentralizing control of the APY.Finance platform, shifting management away from the internal APY.Finance team to $APY token holders and the greater community.
🏷 Oracles & Pricing
We’ve resolved an implementation issue of a node used through Chainlink which temporarily prevented forked testing locally, a necessary precursor to testing on live mainnet. Testing on a forked local server before deploying to live mainnet allows us to ensure the system is running properly when testing new positions. This has allowed us to continue mainnet testing with company treasury funds before connecting existing liquidity pools and deploying all pooled capital.
🌐 User Interface
Our front-end team has spent this week resuming UX testing, and implementing quality of life improvements to the front-end dashboard. These changes include creating a more seamless transaction flow that will emulate the live build for UX testers, as well as minor usability improvements such as automatically selecting the stablecoin with the largest balance by default, and improving user guidance around staking.
Further, we’ve kicked off another round of UX testing and have begun analyzing feedback and update priorities based on testing. One suggestion given by a UX tester encouraged our team to to more clearly display labels of different token balances, and create an even more seamless transaction flow that will guide both new and experienced users through the staking process, step-by-step, in an effort to become the most intuitive and user-friendly yield farming platform on the market.
📈 Alpha Release Progress
Oracles & Pricing
[65% Complete] Chainlink Monitoring
[60% Complete] Gnosis Safe
[50% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[50% Complete] Security Updates
User Interface
[60% Complete] UX Testing
[80% Complete] UX Updates
🔐 Security
We have continued to collaborate with Halborn on an extremely thorough and in-depth economic audit to evaluate and update security and economic risks. Halborn will soon begin working on a standard smart contract audit in parallel which will be more aligned with audits typically seen within DeFi, and will have a much quicker turnaround.
Further, we’ve been keeping an eye on the fallout of recent hacks and software failures of other projects such as Alchemix and Iron Finance, which have resulted in loss of funds. By thinking about the next phase of DeFi while simultaneously measuring the pulse of DeFi projects today, our team has proactively engineered a system that can mitigate similar financial risks.
📂 Portfolio Management
Mainnet testing began on June 17th and is ongoing. In the coming weeks, we will initiate our first wave of governance votes where token holders within the community can vote on system changes and strategy proposals. This marks a key milestone in decentralizing control of the APY.Finance platform, shifting management away from the internal APY.Finance team to $APY token holders and the greater community.
🏷 Oracles & Pricing
We’ve resolved an implementation issue of a node used through Chainlink which temporarily prevented forked testing locally, a necessary precursor to testing on live mainnet. Testing on a forked local server before deploying to live mainnet allows us to ensure the system is running properly when testing new positions. This has allowed us to continue mainnet testing with company treasury funds before connecting existing liquidity pools and deploying all pooled capital.
🌐 User Interface
Our front-end team has spent this week resuming UX testing, and implementing quality of life improvements to the front-end dashboard. These changes include creating a more seamless transaction flow that will emulate the live build for UX testers, as well as minor usability improvements such as automatically selecting the stablecoin with the largest balance by default, and improving user guidance around staking.
Further, we’ve kicked off another round of UX testing and have begun analyzing feedback and update priorities based on testing. One suggestion given by a UX tester encouraged our team to to more clearly display labels of different token balances, and create an even more seamless transaction flow that will guide both new and experienced users through the staking process, step-by-step, in an effort to become the most intuitive and user-friendly yield farming platform on the market.
👾 APY.Finance Weekly Update 6/27 - 7/3 👾
📈 Alpha Release Progress
Oracles & Pricing
[70% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[65% Complete] Gnosis Safe
[55% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[50% Complete] Security Updates
User Interface
[60% Complete] UX Testing
[85% Complete] UX Updates
🔐 Security
This week we made significant progress on a standard smart contract audit with Halborn. This added, but important component of our security analysis is happening in parallel with our ongoing financial audit. Revisions to our oracle implementation are progressing as well, and Halborn has worked to incorporate these changes into revisions within the financial audit.
With these changes, this financial audit, in combination with the standard smart contract audit, will provide a more comprehensive and thorough than audit from others in Defi, setting a new standard that aligns with the increased focus and security needed to safely and securely perform on chain transactions.
📂 Portfolio Management
Our engineers have set up a forked staging environment allowing us to battle-test the system infrastructure in real-time before deploying to the live mainnet build.
To support ongoing governance, we've decided on a Snapshot space to manage strategy proposals. Using Snapshot, proposals will be hosted, and token holders will be able to vote, a paramount precursor to launching our fully decentralized governance platform.
🌐 User Interface
Our front-end team has continued to simplify and increase guidance surrounding our staking platform. We’ve included more indicators and labels which will help guide users through the system with a streamlined experience.
We’ve also updated and integrated our APY core package including updates to how our oracle downtime security measures are displayed. As a result, we can now prevent user transactions during periods of oracle downtime. Ensuring that transactions are only enabled during periods of oracle uptime allows us to ensure consistently accurate and updated oracle values so as to prevent potential financial exploits.
📈 Alpha Release Progress
Oracles & Pricing
[70% Complete] Chainlink Monitoring
[65% Complete] Gnosis Safe
[55% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[50% Complete] Security Updates
User Interface
[60% Complete] UX Testing
[85% Complete] UX Updates
🔐 Security
This week we made significant progress on a standard smart contract audit with Halborn. This added, but important component of our security analysis is happening in parallel with our ongoing financial audit. Revisions to our oracle implementation are progressing as well, and Halborn has worked to incorporate these changes into revisions within the financial audit.
With these changes, this financial audit, in combination with the standard smart contract audit, will provide a more comprehensive and thorough than audit from others in Defi, setting a new standard that aligns with the increased focus and security needed to safely and securely perform on chain transactions.
📂 Portfolio Management
Our engineers have set up a forked staging environment allowing us to battle-test the system infrastructure in real-time before deploying to the live mainnet build.
To support ongoing governance, we've decided on a Snapshot space to manage strategy proposals. Using Snapshot, proposals will be hosted, and token holders will be able to vote, a paramount precursor to launching our fully decentralized governance platform.
🌐 User Interface
Our front-end team has continued to simplify and increase guidance surrounding our staking platform. We’ve included more indicators and labels which will help guide users through the system with a streamlined experience.
We’ve also updated and integrated our APY core package including updates to how our oracle downtime security measures are displayed. As a result, we can now prevent user transactions during periods of oracle downtime. Ensuring that transactions are only enabled during periods of oracle uptime allows us to ensure consistently accurate and updated oracle values so as to prevent potential financial exploits.
👾APY.Finance Weekly Update (7/4 - 7/10) 👾
📈 Progress Remaining for Alpha
Oracles & Pricing
[75% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[70% Complete] Gnosis Safe
[60% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[55% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🏷 Oracles & Pricing
We’ve engaged in a test run on our staging environment before we deploy more significant funds from the company treasury for a larger scale mainnet test. In this test run, we’ve tested the process of pulling funds to and from the LP safe and pools. We’ve also tested deploying and withdrawing from farms, and ensuring pulled Chainlink values are consistently accurate and used appropriately.
Successful testing demonstrates that the precursors to Alpha launch are falling into place after months of rigorous development.
📂 Portfolio Management
We’ve added a new form on our landing page where users can suggest additional farms to potentially integrate with APY.Finance. Whether you’re a user, or a dedicated team member, we’d love to hear from you. Suggest new farms here.
🔐 Security
Our team is currently reviewing Halborn’s next draft of our ongoing financial audit. Our current focus is ensuring that the platform’s management system is air-tight and secure by using appropriate role based permissions with appropriate policies set in place for each. Defining key processes for interacting with the platform ensures that we are managing the platform securely, and that a black swan event, such as a compromised admin key, wouldn't lead to a hostile system takeover.
🌐 User Interface
Our front-end team has successfully implemented all updates given the feedback from our last round of UX testing. We are currently integrating additional farms, specifically AAVE’s stablecoin lending pools. We are also updating the UX surrounding user deposits, which includes a new display banner that indicates when users are actively participating in our yield farming strategies. This serves as a simple reminder to users that following their stablecoin deposit, no other steps are needed on their end.
Our goal in sight is to keep the system as simple for users of all skill levels as possible. Whether you’re an experienced Defi veteran, or APY.Finance is your first yield farming platform, we aim to ensure users will be capable of making informed decisions throughout the platform.
📈 Progress Remaining for Alpha
Oracles & Pricing
[75% Complete] Chainlink Monitoring
[70% Complete] Gnosis Safe
[60% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[55% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🏷 Oracles & Pricing
We’ve engaged in a test run on our staging environment before we deploy more significant funds from the company treasury for a larger scale mainnet test. In this test run, we’ve tested the process of pulling funds to and from the LP safe and pools. We’ve also tested deploying and withdrawing from farms, and ensuring pulled Chainlink values are consistently accurate and used appropriately.
Successful testing demonstrates that the precursors to Alpha launch are falling into place after months of rigorous development.
📂 Portfolio Management
We’ve added a new form on our landing page where users can suggest additional farms to potentially integrate with APY.Finance. Whether you’re a user, or a dedicated team member, we’d love to hear from you. Suggest new farms here.
🔐 Security
Our team is currently reviewing Halborn’s next draft of our ongoing financial audit. Our current focus is ensuring that the platform’s management system is air-tight and secure by using appropriate role based permissions with appropriate policies set in place for each. Defining key processes for interacting with the platform ensures that we are managing the platform securely, and that a black swan event, such as a compromised admin key, wouldn't lead to a hostile system takeover.
🌐 User Interface
Our front-end team has successfully implemented all updates given the feedback from our last round of UX testing. We are currently integrating additional farms, specifically AAVE’s stablecoin lending pools. We are also updating the UX surrounding user deposits, which includes a new display banner that indicates when users are actively participating in our yield farming strategies. This serves as a simple reminder to users that following their stablecoin deposit, no other steps are needed on their end.
Our goal in sight is to keep the system as simple for users of all skill levels as possible. Whether you’re an experienced Defi veteran, or APY.Finance is your first yield farming platform, we aim to ensure users will be capable of making informed decisions throughout the platform.
Typeform
APY.Finance - Farm Introduction
Turn data collection into an experience with Typeform. Create beautiful online forms, surveys, quizzes, and so much more. Try it for FREE.
👾APY.Finance Weekly Update (7/11 - 7/17) 👾
📈 Progress Remaining for Alpha
Oracles & Pricing
[80% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[75% Complete] Gnosis Safe
[65% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[60% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🔐 Security
Our team is currently reviewing the financial audit Halborn has provided us, which has led us to improve the segregation of roles and responsibilities of contracts, resulting in increased operational security and a lowered possibility of operational error.
Further, a standard smart contract audit being conducted by Halborn is now underway. This standard audit will be akin to smart contract audits typically seen within Defi, and is being completed in parallel with a more comprehensive and financial audit. This audit will be available for viewing within the coming weeks, and marks a pivotal moment for the release of the forthcoming Alpha.
📂 Portfolio Management
Our team has spent this week evaluating methods to streamline platform operation. We’re implementing a management dashboard which allows us to make changes, test the system, and view the platform’s general state on the fly. A simplified system monitoring solution allows our team to respond to potential issues quicker, and frees up bandwidth for our engineers, which they can use on building new features instead of system maintenance.
Further, our team has created a Snapshot governance page where votes on proposals will be hosted, and token holders in the community will be able to vote. Stay tuned for hosted governance votes.
🌐 User Interface
This week, our front-end team has begun upgrading the UI error feedback system, which will display error messages and alerts to the end user, such as API, or data fetching errors. This will assist users in getting appropriate support, should they require additional assistance from our support team.
Finally, our team has performed various end-to-end integration tests from Gnosis Safe to verify deployed values and APYs are being properly displayed on the platform dashboard. Testing has demonstrated success, and pulled values were consistently displayed accurately. We’ve also conducted various code clean-up and refactors, which have reduced rerenders, ultimately reducing load times and speeding up the system for users.
📈 Progress Remaining for Alpha
Oracles & Pricing
[80% Complete] Chainlink Monitoring
[75% Complete] Gnosis Safe
[65% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[60% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🔐 Security
Our team is currently reviewing the financial audit Halborn has provided us, which has led us to improve the segregation of roles and responsibilities of contracts, resulting in increased operational security and a lowered possibility of operational error.
Further, a standard smart contract audit being conducted by Halborn is now underway. This standard audit will be akin to smart contract audits typically seen within Defi, and is being completed in parallel with a more comprehensive and financial audit. This audit will be available for viewing within the coming weeks, and marks a pivotal moment for the release of the forthcoming Alpha.
📂 Portfolio Management
Our team has spent this week evaluating methods to streamline platform operation. We’re implementing a management dashboard which allows us to make changes, test the system, and view the platform’s general state on the fly. A simplified system monitoring solution allows our team to respond to potential issues quicker, and frees up bandwidth for our engineers, which they can use on building new features instead of system maintenance.
Further, our team has created a Snapshot governance page where votes on proposals will be hosted, and token holders in the community will be able to vote. Stay tuned for hosted governance votes.
🌐 User Interface
This week, our front-end team has begun upgrading the UI error feedback system, which will display error messages and alerts to the end user, such as API, or data fetching errors. This will assist users in getting appropriate support, should they require additional assistance from our support team.
Finally, our team has performed various end-to-end integration tests from Gnosis Safe to verify deployed values and APYs are being properly displayed on the platform dashboard. Testing has demonstrated success, and pulled values were consistently displayed accurately. We’ve also conducted various code clean-up and refactors, which have reduced rerenders, ultimately reducing load times and speeding up the system for users.
👾APY.Finance Weekly Update (7/18 - 7/24) 👾
📈 Progress Remaining for Alpha
Oracles & Pricing
[85% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[75% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[65% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🔐 Security
Our standard smart contract audit is currently being finalized, and is expected to be delivered by our auditing firm Halborn for internal review by the end of next week.
Our team has also mapped out the implementation of improving the segregation, and roles and responsibilities of contracts to lower the possibility of operational error while managing the platform. We will assign various roles and responsibilities to different contracts, with required access permissions pending the strength and impact of each contract. This reduces operational complexity and limits the possibility of operational error and potentially harmful security breaches, as more powerful contracts will require additional control and changes from multiple parties, while more lightweight, day-to-day contracts that are less impactful will require fewer handlers to change.
📂 Platform Management
These security updates also assist in streamlining platform management by simplifying and creating a more hands-off platform management experience. This reduces the possibility of operational error, increases platform security in the case of a security breach, and reduces necessary manual oversight, freeing our engineer’s bandwidth to work on platform updates instead of active platform management.
In addition, the team has evaluated a further extension to our asset allocation registry system which will further reduce operational risks when adding new farms to the platform.
🏷 Oracles & Pricing
Our security efforts this week also led us to rework the multiple contexts in which the system would lock or unlock the oracle feed, and assign different roles to each of these contexts.
🌐 User Interface
Our front-end team has implemented, and continues to develop our UI feedback system which displays relevant error messages to users, and gives our support team the necessary information to solve user’s errors.
📈 Progress Remaining for Alpha
Oracles & Pricing
[85% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[75% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[65% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🔐 Security
Our standard smart contract audit is currently being finalized, and is expected to be delivered by our auditing firm Halborn for internal review by the end of next week.
Our team has also mapped out the implementation of improving the segregation, and roles and responsibilities of contracts to lower the possibility of operational error while managing the platform. We will assign various roles and responsibilities to different contracts, with required access permissions pending the strength and impact of each contract. This reduces operational complexity and limits the possibility of operational error and potentially harmful security breaches, as more powerful contracts will require additional control and changes from multiple parties, while more lightweight, day-to-day contracts that are less impactful will require fewer handlers to change.
📂 Platform Management
These security updates also assist in streamlining platform management by simplifying and creating a more hands-off platform management experience. This reduces the possibility of operational error, increases platform security in the case of a security breach, and reduces necessary manual oversight, freeing our engineer’s bandwidth to work on platform updates instead of active platform management.
In addition, the team has evaluated a further extension to our asset allocation registry system which will further reduce operational risks when adding new farms to the platform.
🏷 Oracles & Pricing
Our security efforts this week also led us to rework the multiple contexts in which the system would lock or unlock the oracle feed, and assign different roles to each of these contexts.
🌐 User Interface
Our front-end team has implemented, and continues to develop our UI feedback system which displays relevant error messages to users, and gives our support team the necessary information to solve user’s errors.
👾APY.Finance Weekly Update (7/25 - 7/31) 👾
📈 Progress Remaining for Alpha
Oracles & Pricing
[85% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[70% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🚀 DeFi Security Fundamentals
Our team continues to monitor and evaluate the state of other projects within DeFi, including hacks and exploits, which assists in covering avenues of potential risks while developing our own security updates. As the industry grows, and becomes more targeted, it will only become more important to mitigate these threats. As a platform designed for the long-haul, and for ease of use, these pre-launch security efforts are fundamental in ensuring users can use APY.Finance with confidence for years to come.
For example, the recent hack on Popsicle.finance shows us that as advanced as DeFi has become, it’s important not to overlook the nuances of long-standing token standards such as ERC-20.
Our team analyzed the attack and contracts involved. We discovered the Sorbetto contract has a similar flow for calculating fees as the widely used Unipool contract. A modifier is used to store updated fee amounts for accounts based on their balance of LP tokens. However, a key difference, which the attackers were able to exploit, was that the Sorbetto contract allows the balance of LP tokens to be transferred. The Unipool contract, on the other hand, locks LP tokens so they cannot be transferred.
When the LP tokens were transferred, the fees were never recalculated, effectively breaking ERC-20 fungibility. In layman’s terms, one LP token was not always interchangeable with another. The attackers exploited this to withdraw large portions of the pool in fees.
In short, security is of utmost priority for APY.Finance, and we appreciate your continued support as we head into the final stages of Alpha development.
🔐Security Updates
Our standard smart contract audit has been received and is currently under review while our team continues to evaluate security measures with our auditors, Halborn.
Further, our engineers have completed the implementation and testing of developed access controls needed for the segregation of roles and responsibilities of contracts. By creating more granular access controls and explicitly defining the segregation of duties of contracts, we’ve reduced operational complexity and lowered the ceiling of potential operational error. These changes are necessary for creating a more secure and hands-off platform management system. We’ve also begun the implementation of other security remediations, such as proper asset allocations and a protocol whitelist.
📂Platform Management
Our team is currently scoping out the way we fund liquidity provisions in an attempt to automate this function by giving it less power, and less access to the platform. This will allow the function to be more lightweight and nimble, and controlled by a less restrictive multisig.
🌐 User Interface
Our front-end team has completed implementing the state management and event handling functionality of the UI feedback system. This involved building out the template for the pop-up component (also known as "toast" notifications), as well as the context component which serves as the app's interface for retrieving and updating the data for the pop-up list. These pop-ups will display relevant error messages and other pivotal information to users regarding any issues they may encounter.
Finally, we'll be wrapping up the integration of this feedback system by ensuring that notifications are being triggered for the various cases such as unsupported networks, disconnected wallet, app maintenance, third-party API failures, and etc. ensuring all of our bases are covered.
📈 Progress Remaining for Alpha
Oracles & Pricing
[85% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[70% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[90% Complete] UX Updates
🚀 DeFi Security Fundamentals
Our team continues to monitor and evaluate the state of other projects within DeFi, including hacks and exploits, which assists in covering avenues of potential risks while developing our own security updates. As the industry grows, and becomes more targeted, it will only become more important to mitigate these threats. As a platform designed for the long-haul, and for ease of use, these pre-launch security efforts are fundamental in ensuring users can use APY.Finance with confidence for years to come.
For example, the recent hack on Popsicle.finance shows us that as advanced as DeFi has become, it’s important not to overlook the nuances of long-standing token standards such as ERC-20.
Our team analyzed the attack and contracts involved. We discovered the Sorbetto contract has a similar flow for calculating fees as the widely used Unipool contract. A modifier is used to store updated fee amounts for accounts based on their balance of LP tokens. However, a key difference, which the attackers were able to exploit, was that the Sorbetto contract allows the balance of LP tokens to be transferred. The Unipool contract, on the other hand, locks LP tokens so they cannot be transferred.
When the LP tokens were transferred, the fees were never recalculated, effectively breaking ERC-20 fungibility. In layman’s terms, one LP token was not always interchangeable with another. The attackers exploited this to withdraw large portions of the pool in fees.
In short, security is of utmost priority for APY.Finance, and we appreciate your continued support as we head into the final stages of Alpha development.
🔐Security Updates
Our standard smart contract audit has been received and is currently under review while our team continues to evaluate security measures with our auditors, Halborn.
Further, our engineers have completed the implementation and testing of developed access controls needed for the segregation of roles and responsibilities of contracts. By creating more granular access controls and explicitly defining the segregation of duties of contracts, we’ve reduced operational complexity and lowered the ceiling of potential operational error. These changes are necessary for creating a more secure and hands-off platform management system. We’ve also begun the implementation of other security remediations, such as proper asset allocations and a protocol whitelist.
📂Platform Management
Our team is currently scoping out the way we fund liquidity provisions in an attempt to automate this function by giving it less power, and less access to the platform. This will allow the function to be more lightweight and nimble, and controlled by a less restrictive multisig.
🌐 User Interface
Our front-end team has completed implementing the state management and event handling functionality of the UI feedback system. This involved building out the template for the pop-up component (also known as "toast" notifications), as well as the context component which serves as the app's interface for retrieving and updating the data for the pop-up list. These pop-ups will display relevant error messages and other pivotal information to users regarding any issues they may encounter.
Finally, we'll be wrapping up the integration of this feedback system by ensuring that notifications are being triggered for the various cases such as unsupported networks, disconnected wallet, app maintenance, third-party API failures, and etc. ensuring all of our bases are covered.
👾APY.Finance Weekly Update (8/1 - 8/7) 👾
📈 Progress Remaining for Alpha
Oracles & Pricing
[90% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[70% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[95% Complete] UX Updates
🔐 Security
Our engineers have spent this week developing security updates based on feedback from the standard smart contract audit draft delivered by Halborn. These changes include remediations to the TVL manager which will support our new method of handling asset allocations with increased automation. We will continue to collaborate with Halborn on addressing any further security updates over the next few weeks before releasing the standard smart contract publicly.
📂 Platform Management
We’ve simplified our method of funding liquidity provisions by developing and integrating a more autonomous and nimble solution for everyday use. This results in a function that is intentionally less powerful, and has less access to the platform, so we can run it more freely, and with a less restrictive multisig than functions that have more power.
🏷 Oracles & Pricing
We are nearing the completion of all major ‘Oracles & Pricing’ developments necessary for Alpha launch. This milestone frees the bandwidth of our engineers to shift their focus toward other avenues of development.
🌐 User Interface
This week, our front-end team has fully integrated our UI feedback system’s pop-up triggers which will display error messages to users. I.E. unsupported network, oracle maintenance, and account notifications. We’ve also remediated any outstanding platform loading bugs by updating the implementation surrounding the management of asynchronous data pulled from smart contracts and updating loading and error states.
Below is a preview of our UI feedback notification system:
📈 Progress Remaining for Alpha
Oracles & Pricing
[90% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Portfolio Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[70% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[95% Complete] UX Updates
🔐 Security
Our engineers have spent this week developing security updates based on feedback from the standard smart contract audit draft delivered by Halborn. These changes include remediations to the TVL manager which will support our new method of handling asset allocations with increased automation. We will continue to collaborate with Halborn on addressing any further security updates over the next few weeks before releasing the standard smart contract publicly.
📂 Platform Management
We’ve simplified our method of funding liquidity provisions by developing and integrating a more autonomous and nimble solution for everyday use. This results in a function that is intentionally less powerful, and has less access to the platform, so we can run it more freely, and with a less restrictive multisig than functions that have more power.
🏷 Oracles & Pricing
We are nearing the completion of all major ‘Oracles & Pricing’ developments necessary for Alpha launch. This milestone frees the bandwidth of our engineers to shift their focus toward other avenues of development.
🌐 User Interface
This week, our front-end team has fully integrated our UI feedback system’s pop-up triggers which will display error messages to users. I.E. unsupported network, oracle maintenance, and account notifications. We’ve also remediated any outstanding platform loading bugs by updating the implementation surrounding the management of asynchronous data pulled from smart contracts and updating loading and error states.
Below is a preview of our UI feedback notification system:
👾APY.Finance Weekly Update (8/8 - 8/14) 👾
📈 Progress Remaining for Alpha
Oracles & Pricing
[95% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Platform Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[75% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[95% Complete] UX Updates
🔐 Security
This week, our smart contract engineers continue to collaborate with Halborn on remediations for our ongoing smart contract and financial audits.
Further, our team is implementing individual asset allocations that use our newly developed TVL management system which will be able to directly and autonomously pull TVL values directly from different governance tokens and pools. This new system is developed as part of our roadmap toward more platform automation, which frees the bandwidth of our engineers of constant platform oversight. Finally, over the course of our next development sprint, we will begin developing a proxy contract whitelist of protocols.
🌐 User Interface
Following the completion of the UI feedback system, our front-end team has begun planning the platform’s “Tour Guide” update, which will guide users through the process of yield farming and staking on each page of the new layout. We’ve designed a simpler and more future-proof Tour Guide that will be more resilient to future UI updates.
The Tour Guide is pivotal in introducing new users to yield farming, as our mission with APY.Finance is to provide the simplest and most accessible yield farming experience possible for both new and experienced users.
Our team also continued to update the messaging and implementation of the platform’s transaction flow, resulting in more consistent messaging when interacting with the network. Lastly, we’ve updated our method of displaying growth metrics for a user’s earnings over time to now display values in both USD and percentages.
📈 Progress Remaining for Alpha
Oracles & Pricing
[95% Complete] Chainlink Monitoring
[100% Complete] Oracle Emergency Systems
Platform Management
[80% Complete] Gnosis Safe
[70% Complete] Administration & Governance Tools
Security
[90% Complete] Security Audit
[75% Complete] Security Updates
User Interface
[75% Complete] UX Testing
[95% Complete] UX Updates
🔐 Security
This week, our smart contract engineers continue to collaborate with Halborn on remediations for our ongoing smart contract and financial audits.
Further, our team is implementing individual asset allocations that use our newly developed TVL management system which will be able to directly and autonomously pull TVL values directly from different governance tokens and pools. This new system is developed as part of our roadmap toward more platform automation, which frees the bandwidth of our engineers of constant platform oversight. Finally, over the course of our next development sprint, we will begin developing a proxy contract whitelist of protocols.
🌐 User Interface
Following the completion of the UI feedback system, our front-end team has begun planning the platform’s “Tour Guide” update, which will guide users through the process of yield farming and staking on each page of the new layout. We’ve designed a simpler and more future-proof Tour Guide that will be more resilient to future UI updates.
The Tour Guide is pivotal in introducing new users to yield farming, as our mission with APY.Finance is to provide the simplest and most accessible yield farming experience possible for both new and experienced users.
Our team also continued to update the messaging and implementation of the platform’s transaction flow, resulting in more consistent messaging when interacting with the network. Lastly, we’ve updated our method of displaying growth metrics for a user’s earnings over time to now display values in both USD and percentages.