Page cover

🔒Security

Security is often the number one concern for DeFi users. We at Alpaca understand these concerns and have focused on having top-level security since the creation of our protocol, while continuously striving to improve upon it. As a result, our efforts have been recognized by various security groups and we've been trusted by large institutions with their funds, such as TrueUSD which has deployed 8 figures in funding into our protocol.

We also passed the rigorous security standards set by Nexus Mutual, a leading risk protocol for crypto, in order to offer our users cover through their platform. Alpaca Finance continues to strive to set the security standards in DeFi and become a trusted brand for institutions and everyday users. You can read more about our security protocols below.

Is It Safe to Use Alpaca?

Alpaca Insurance Plan

Nexus Mutual Cover

InsurAce Cover

The Alpaca Guard

🔒Is It Safe to Use Alpaca?

In short, yes. Within the BNB Chain and Fantom community, Alpaca Finance is widely regarded as one of the most secure platforms because of our spotless track record of never having had a security issue, and our multi-layered security processes, which you can read below:

  • We’ve had an industry-leading 23 security audits, from top firms such as PeckShield, Certik, Inspex, and SlowMist.

  • For users who desire insurance, we've also integrated Nexus Mutual Cover and InsurAce to provide users the option of buying Cover, which can reimburse their funds in the event of a loss.

  • In addition to Nexus Mutual and InsurAce cover, we implemented our own Insurance Plan. In the case of a shortfall event, up to 50% of future Protocol Revenue going to the Governance Vault would be available to pay back users who lost funds, for up to a period of 1 year, meaning there would be at least 7 figures of potential cover.

  • In June 2021, Alpaca received the highest security rating on BNB Chain from Defi Safety which was advertised by BNB Chain itself, and the 3rd highest Security Score from Certik.

  • Regarding the ALPACA token, we've made it as dump-proof as possible. Our ALPACA token is fair launch, with 87% of total supply going to platform participants. The team is only getting less than 9% of tokens, and that’s vested over 2 years. We also had no presale, no pre-mine, and no investors, so there’s no one to dump on token holders.

  • Our code is open-source, with every line having been combed through by hundreds of independent developers. We even have a professional Bug Bounty Program with Immunefi to offer high rewards if anyone spots as little as a minor issue. We invite you to have a look through our code yourself here.

  • Then, besides extensive code reviews having been conducted both internally and externally, there are also built-in safeguards in place. For example, all the contracts we deploy are owned by a Timelock contract. Thus, any changes made by our developers will have a 24-hour lag before becoming effective. That means users will have ample time to withdraw their funds and exit safely in the case of any questionable update to the code. Moreover, any changes to be queued into our Timelock contract need to be approved by a multi-sig address, adding another layer of security. With tens of thousands of users, you can believe that every small change is under constant scrutiny from many participants. At times, it's a tough job dealing with all their questions, but it's honest work. 👨‍🌾

  • Regarding flash loans, Alpaca does not allow them so you will be safe from all such attacks.

  • Then for price manipulation and flash liquidation, Alpaca integrates Chainlink price feeds and also has an in-house Alpaca Guard which prevents those.

  • Finally, we make efforts not only to secure our own protocol, but also the entire ecosystem. That's why we only work with projects that meet our high standards for safety. Every project we work with has to pass our Security Scorecard, a type of qualitative audit that complements code audits.

  • As a final word, even with everything we do, users should still educate themselves. It's important to be aware of the potential risks of participating in any DeFi project, which you can read more about here.

Is Alpaca at risk of a flash loan attack?

No, Alpaca is only EOA which means it does not allow flash loans to interact with the protocol. This makes flash loan attacks impossible.

🔒Alpaca Insurance Plan

As per AIP-27, Alpaca Insurance plan has been abolished. As such, this section serves only as referenced information before the AIP-27 vote.

One major topic of concern we’ve heard time and time again from prospective users, both individual and institutional — is safety. In fact, that is a loaded term. There are a few parts people think about when they evaluate safety.

The first part is: how can they know that their funds will be safe at Alpaca Finance?

We’ve done our best the past year in solidifying Alpaca as one of the most secure protocols, having received an industry-leading 20+ audits and possessing a spotless track record of no security issues. So we’ve done our best in this aspect. Even so, it’s not always enough to convince new entrants to deploy into our DeFi platform. They have other concerns, which brings us to the second part.

The second major thing prospective users care about is: if there was a security event that caused a shortfall event, what insurance or follow-up protections would be available to cover their loss?

We’ve instituted partnerships with Nexus Mutual and InsurAce to provide optional cover for users of our platform. Even so, these products add another layer of complexity to new users who are already struggling with the complexity of the base DeFi products they’re considering investing in. As such, many prospective users find this lacking, and as a result, we’ve come up with a simpler solution — the Alpaca Insurance Plan.

Insurance Plan vs. Insurance Fund

Insurance funds are a well-known security fallback mechanism used by CEXs and financial institutions. While insurance funds have their place, we believe there is a better solution. It can take a long time to build insurance funds, during which time there is no proper plan in place, and when they are ready, the capital sits around without being put to use, which is inefficient.

Instead of event response, we prefer focusing on event prevention, which is why we build with a security-first focus. With our thorough processes and around-the-clock monitoring, the chance of a shortfall event is already minimized as much as possible, and given that’s the case, we believe it’s better to have a conditional Insurance Plan that would only activate once a shortfall event occurred. A shortfall event would be when there was a deficit in the money markets that belong to Alpaca’s ecosystem.

As for where the funds will come from to cover losses, it will be from future revenues. To be specific, in the case of a shortfall event, up to 50% of future Protocol Revenue going to the Governance Vault would be available to pay back users who lost funds, for up to a period of 1 year, meaning there would be at least 7 figures of potential cover.

For the Alpaca Insurance Plan, we took inspiration from Aave’s Safety Module, except we did not want to sell ALPACA for cover like they sell AAVE, opting to instead use future earnings coming in as Protocol Revenue.

Users’ principal ALPACA locked in the Governance Vault will not be touched, only a portion of future Protocol Revenue, and that’s only in the case of a shortfall event. Hence, in the worst case that a shortfall event is deemed to occur, ALPACA governance stakers will still receive Grazing Range rewards, and 50% of Protocol Revenue. Furthermore, the interpretation for the occurrence of a Shortfall Event will be subject to a Protocol Governance vote. So governance stakers will have the final say on the distribution of the Insurance Plan funds.

The Alpaca Insurance Plan exists to provide some peace of mind to would-be investors in any of the products within our platform. Although in the unlikely case of a shortfall event, a portion of Protocol Revenue would be redistributed, we believe the presence of the Alpaca Insurance Plan will have a greater positive effect, encouraging more users to deploy capital into the Alpaca platform, particularly high net worth individuals and institutions, with whom we’ve had many conversations over the recent months regarding what it would take for them to use or integrate Alpaca Finance. As a result of their participation, the Insurance Plan will deliver higher Protocol Revenue to governance stakers, as well as boost the price of their ALPACA tokens through more buyback&burn.

What the Alpaca Insurance Plan covers

It will cover any shortfall event for which Alpaca Finance’s code or infrastructure is responsible, including: bad debt for lenders, smart contract risk, exploits, economic design failure, severe oracle integration failure, etc.

Exclusions - What Will Not be Covered:

  • Individual liquidations due to network or UI issues

  • Losses due to phishing, private key security breaches, malware, etc

  • Loss events localized to integrated protocols (ie. Pancake if you are in an Alpaca PCS farming pool on BNB Chain)

  • Loss events on partnership projects such as Grazing Ranges

  • Losses due to devaluation of assets, regardless if such devaluation is related to an attack

  • Losses after a hack/bug became public

  • Losses / bad debt from isolated assets in the money market due to their inherently high-risk nature

  • Any events where any other external interoperable or interactive smart contracts are hacked or manipulated in an unintended way, while Alpaca’s designated smart contracts continue to operate as intended

  • Any event where external inputs (oracles, governance systems, incentive structures, miner behavior and network congestion, etc.) are manipulated, while the Alpaca designated smart contracts continue to operate as intended

  • If a user provides false information or tries to hide, lie, or mislead

Insurance Plan Activation Process:

In the event if there is any loss or damages, a discussion thread will be put on our Governance Forum for the community to discuss and determine the eligibility of the incident if it falls within the Insurance Plan. The activation of the plan and any reimbursement will be decided through a proposal by Governance Voters.

Note:

If any shortfall event triggers the Insurance Plan, it will not be the case that there will be individual claimants. This is protocol-wide cover on all of our products. For example, if there was bad debt in a lending pool, we would send funds back into that lending pool to cover the debt. We would not necessarily do any individual reimbursements, and will not be held responsible for users who withdrew their capital from the pool before repayment occurred.

The aforementioned list is not exhaustive on what is and is not covered, nor is the method of reimbursement or the parties who would get reimbursed in a shortfall event set in stone. The ultimate decision of eligibility for any reimbursement from the Insurance Plan will be in the hands of governance voters.

💰Nexus Mutual Cover

Alpaca is one of a handful of top BNB Chain and Fantom protocols covered by Nexus Mutual, a premium DeFi cover provider. Users have the option to purchase cover for their funds deployed in any Alpaca product, including lending, farming, the Grazing Range, and staking.

How you can benefit from this partnership

You can take advantage of this partnership in two ways:

  • Buy Cover: Users who have capital deployed on Alpaca Finance can buy cover for a potential loss of funds.

  • Provide Cover: If you believe that Alpaca’s code is safe, you can earn income by providing cover for buyers through staking NXM tokens and receiving the cover premium as yield. You can stake in up to 20 pools at once (using the same NXM tokens) including Alpaca so it is very capital efficient.

The features are live so you can head over to Nexus Mutual now to buy or provide cover! (Do note that to buy or provide cover, you have to do so on the Ethereum Mainnet. However, the cover applies to your funds within Alpaca Finance on BNB Chain, and in fact — all blockchains Alpaca will be on in the future)

Shield mining

Starting now, users will be able to stake $NXM to provide cover for Alpaca Finance (as well as 19 other protocols to get their rewards as well) and receive USD $35k rewards in ETH over a period of one month.

Stake here

What situations are covered?

In general, Nexus cover protects against loss of funds (i.e. loss of tokens), but not loss of value (a token’s price dropping). The cover includes funds deployed in all sections of Alpaca Finance, so whether you’re lending, farming, grazing, or staking — you’ll be covered!

Risks Covered:

  • Smart contract risk

  • Code being used in an unintended way

  • Economic design failure

  • Severe oracle failure

  • Governance Attacks

  • Protection for assets on Layer 2 solutions

  • Protection for non-Ethereum smart contracts

  • Protection for a protocol across multiple chains

Risks NOT Covered:

  • Bad debt

  • Liquidations

  • Any other form of defaults

  • Centralization risk such as “rug pulls”

  • Loss events localized to integrated protocols (ie. Pancake if you are in an Alpaca PCS farming pool)

For full cover details, please refer to this document.

How do I buy cover?

First, you must become a Nexus member by paying a small membership fee of 0.0020 ETH (~$5.54): https://app.nexusmutual.io/home

Then, once you’re a member, you can purchase cover within the application interface using a Metamask account (on the Ethereum Mainnet).

Purchasing cover involved only three easy steps:

  1. Press “Get quote” for Alpaca Finance on the Buy cover page

  2. Specify the Cover Amount, Currency(ETH or DAI) and Cover Period

  3. Generate a quote and execute the transaction using Metamask

You are now covered!

You can pay for cover using ETH, DAI or NXM. If paying in ETH or DAI, the system will convert the funds to NXM in the background, then immediately use that NXM to purchase cover.

To reiterate, Nexus Mutual currently only operates on the Ethereum Mainnet. You must switch your wallet to Ethereum Mainnet first before interacting with the protocol. However, the cover you purchase will be applicable for BNB Chain as well as all other chains that Alpaca Finance will operate on in the future.

How do I file a claim?

If you lost funds, owned cover at the time, and believe the circumstances of the loss fall under Nexus Mutual’s cover policy, you can submit a claim, which will then go through the Nexus Mutual’s Claims Assessment process.

Members who stake NXM and choose to act as Claims Assessors can participate in reviewing, discussing, and voting on claims. Members acting as Claims Assessors are incentivized to act honestly, and are deterred from voting fraudulently. If it is determined that a member voted fraudulently in the claims process, the Advisory Board has the power to burn the malicious Claims Assessor’s staked NXM as punishment.

To file a claim, you can go to app.nexusmutual.io/home. The instructions on how to file a claim can also be found here.

Even though we at Alpaca Finance take pride in having one of the cleanest track records and most thorough multi-layered security processes on BNB Chain, we never stop working to improve. Now, with this partnership, we’ve added yet another layer of security to our protocol, hoping it’ll bring even greater peace of mind to our Herd, giving any alpaca the ability to further manage their risks, and farm peacefully.

(Note: This article is a snapshot of information at publishing date and details on cover may be subject to change. Alpaca does not administer or manage this cover, and is not responsible for it. For the final say on the terms and conditions of cover, please make sure to check with Nexus Mutual directly)

💰InsurAce Cover

InsurAce.io will give our users the option to purchase cover for their funds deployed anywhere in Alpaca Finance, including lending, farming, the Grazing Range, and staking.

InsurAce.io is unique in that it integrates various investment products and strategies to offset cover costs, which gives them the ability to offer low premiums. InsurAce.io also allows users to purchase one single low-cost plan to cover multiple protocols and multiple chains, making the process of covering an entire portfolio very convenient. Most importantly though, InsurAce’s cover can be purchased directly on BNB Chain or Fantom.

With this partnership, Alpaca will become one of only five BNB Chain protocols covered by both Nexus Mutual and InsurAce.io, taking another step forward in giving our users peace of mind and establishing ourselves as one of the most secure DeFi protocols.

☔What situations are covered?

Cover purchased on InsurAce generally insures against loss of funds (i.e., loss of tokens), but not loss of value (a token’s price dropping). As mentioned before, the cover includes funds deployed in all sections of Alpaca Finance.

InsurAce’s Smart Contract Cover

InsurAce.io covers smart contract risks, where the designated smart contract means a single smart contract or group of smart contracts, as specified in the Cover, running on the public blockchain network, and excluding any outside inputs to that system such as oracles, miners, and individuals or groups of individuals interacting with the system.

Smart Contract Cover will not pay a claim if

  • Assets lost are NFTs

  • Losses due to phishing, private key security breaches, malware, etc.

  • Losses due to devaluation of assets, regardless if such devaluation is related to the Attack

  • Hacks occurring during the Cover Period, but the hack/bug occurred or was known before the Cover Period

  • Any events where any other external interoperable or interactive smart contracts are hacked or manipulated in an unintended way, while the Designated smart contract continues to operate as intended

  • Any event where external inputs (oracles, governance systems, incentive structures, miner behavior and network congestion, etc.) are manipulated, while the Designated smart contract continues to operate as intended

  • The insured provided false information or tried to hide, lie, or mislead claim assessment

Please note that InsurAce’s Cover will not include issues on underlying DEXs like PancakeSwap or WaultSwap. So if you want cover on those too, consider including them as one of the protocols when you buy Cover.

InsurAce’s full description of what is and is not covered is provided here.

❓How do I buy cover?

Buying cover is simple and fast. Users can buy cover for Alpaca Finance with MetaMask configured to BNB Chain, Fantom, or in fact, Ethereum and Matic (Polygon) Mainnet. When configured to these networks, cover is paid in BNB, ETH or MATIC, respectively.

Step 1: Go to InsurAce.io and select the protocols you want insurance on

  • Launch the InsurAce.io App (https://app.insurace.io/)

  • Go to the “Insurance” tab, click “Buy Covers”

  • Select Alpaca Finance, in addition to other protocols you want insurance on

Step 2: Specify the Cover Amount and Cover Period and confirm the transaction

  • Click the green Folder icon on the bottom right

  • Input the desired Cover Amount* and Cover Period

  • Enter a Referral Code (optional). Entering a referral code will get you $INSUR rewards (claimed here) amounting to 5% of the insurance premium paid. If you don’t have one, you can use our code: 117812559893613627489677677639357097345960442556.

  • If you’re satisfied with the pricing, check the Terms and Conditions box and click “Confirm”

You are now covered!

This link will redirect you to InsurAce.io’s website with most of the steps above completed. A step-by-step guide to purchasing cover is provided here.

*The Cover Amount is the amount you want to be insured. Thus, it is the maximum amount that will be paid to you in the unfortunate case of lost funds.

🏹The Alpaca Guard

Note: Oracle Guard only applies to LYF on AF1.0 where there is a direct dependency on a DEX price as the borrowed assets are deployed into an LP position. The mechanic is not applicable to AF2.0 Money Market since the absence of a specific pair identification makes it impossible to determine which DEX price source to utilize. On-chain Oracle Price (e.g., Chainlink) is used as a source of truth for Money Market.

Financial markets can be dangerous, my fellow Alpacas, which is why we’ve introduced something to protect you in the worst of times, from potential price manipulation, flash liquidation, and market failure. You may get nervous with other farms, but at Alpaca, you’ll never have anything to be nervous about, because this is much more than a new feature; this, is your new protector — the Alpaca Guard.

Some of you who used our platform may have noticed that certain functions were temporarily grayed-out such as opening positions on certain pairs. This was the Alpaca Guard in Protection Mode, keeping you safe from the dangers of the market.

To be specific, when the price of an asset in your farming pair has its on-chain price from the exchange that pair is on(PancakeSwap) differ more than 10% from the median of a batch of off-chain oracles we verify with, the Alpaca Guard enters Protection Mode; This consists of disabling liquidations, and opening/closing positions; all in order to protect you from trading at bad prices and taking an unjust loss.

Do note that you can still add collateral to positions while Alpaca Guard is activated, in case you find your Safety Buffer running low, though you will not be able to borrow more capital. You should also be aware that if you do not add collateral in a 50:50 ratio, the swap may happen at a sub-optimal price since Alpaca Guard activation implies prices may be misaligned.

So as you can see, the Alpaca Guard exists to protect you, and in fact, the Alpaca Guard saved a lot of users’ funds during the May 20th, 2021 market crash.

When the entire market flash crashed, the Alpaca Guard went into action, protecting many users’ positions from flash liquidations, allowing them to stay safe and keep farming once prices realigned and the Guard lifted Protection Mode. During this chaotic time, many users were prevented from losing their positions and trading at bad prices.

Feeling safer already? You should. 😄 The Alpaca Guard’s Protection Mode acts as an oracle delay, verifying price feeds consistently after activation(verification frequency varies depending on overall market volatility), which prevents large market orders from engaging in price manipulation(such as flash loans or margin orders). When the on-chain price moves far off from where it should be, this delay gives enough time for arb bots to push back that price to realignment either with other exchanges or a peg in the case of stablecoins and other pegged tokens.

In summary, the Alpaca Guard is watching your back. Yet, when he does activate Protection Mode, you don’t have to be worried either, because it’s also unlikely to stay on for long. Inevitably, arb bots will soon close the price divergence, letting the Alpaca Guard remove his protections and you to return to customizing your position, if you’d like.

The Venus Incident vs. Alpaca Guard

On 5/18/21, Venus had a major incident that created $200M+ USD in liquidations and $100M in bad debt. We won’t go into the details and there are differing accounts of what happened but you can read about it here and here. In any case, what we do know is that the ultimate culprit that caused the market dump on XVS was a series of cascading liquidations. Integrating Chainlink wasn’t enough to protect them. So it’s interesting to note that, in fact, if Venus had the Alpaca Guard, he would’ve blocked this incident from ever happening!

The Alpaca Guard would’ve frozen the system when price took the first drop, blocking this chain of liquidations from the start! What’s more is he may have even stopped the original price pump that allowed several users(attackers depending on who you ask) to over-borrow against an inflated XVS price.

How about PancakeBunny’s exploit on 5/19/21 for 200M? A flash loan attack. As it stands, that wouldn’t have gotten past the Alpaca Guard either! Not only does Alpaca Finance not work with flash loans, but the Alpaca Guard would’ve frozen the attack as soon as price made a drastic movement!

Well, it’s very unfortunate he wasn’t at either of those platforms, but that’s because he’s dedicated to his current job and thus, can only guarantee that one place is safe— Alpaca Finance.

So luckily for us, we don’t have to worry about any of these dangers, because the Alpaca Guard is also an Alpaca that lives on the farm, and he’ll never let the Llamas hurt you! 😄

Yet, even though the Alpaca Guard has demonstrated his strength, he never stops going to the gym and becoming stronger, so that he can protect us even better. In reality, you could say our devs are his personal trainers.

By that I mean, our team is working on adding even more mechanisms to his program, making his supreme defense all-powerful. One of these boosts is a debt cap on farming pools, one that varies per pool depending on liquidity, which would further block someone trying to manipulate price by opening a huge position. In the future, we’re even considering adding trailing debt caps. Ok, so what would that mean for Alpaca Guard? Imagine Arnold Schwarzenegger + Bruce Lee + Optimus Prime…

Yea, you can feel safe.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

In summary, we hope you’ve enjoyed meeting your new Alpaca bodyguard, protecting your assets from external threats.‌ Hence, if you ever find the Alpaca Guard in Protection Mode, you can rest assured that your assets are secured from any external factors until the markets realign, because that’s the Alpaca Guard’s job: standing guard over the herd, watching, and protecting all you young Alpacas.

PreviousRoadmapNextTransparency (Audits & Contracts)

Last updated

Was this helpful?