SAFU fund to compensate users affected by serious incidents

In the light of the recent and important hacks occurred on BSC I’ve started to wonder whether an emphasis on security and even having the code audited is enough.

Projects are being exploited despite their legit team, their emphasis on security and audits by important firms. Not even their hard work suffices to avoid exploits or spot where the bug is once it has been exploited.

Which leads me to think that despite our efforts, bad things can happen and if they can happen, they’ll likely happen sooner or later.

That’s why I think it could be a good idea to put some funds apart in some kind of security fund that can be used to compensate user affected by some kind of exploit, hack, bug or whatever that could lead to a significant loss of funds that can’t be attributed to the user.

Kava protocol is implementing something similar.

Measures like this can be reassuring to the users and community.

What do you think?

3 Likes

I like it, for people that opt in to say a LP or viper pit(pitching in like 5% or whatever is decided by the Governance polls(would be a great reason to use it again)) could get a micro airdrop or something for adding in on a consistent basis. The . This could incentivize users to opt in raising a lot of the TVL of the safuuu fund. But this could also be bad because potential investors could think that the devs might be slacking(I know you guys aren’t) and this could be a cheap and convenient way to not ensure code is sound

A new article talking about the last exploit. This time it was Rari capital:

We’re looking at the actions of a cross-chain killer, who used the blood money from Value DeFi to fuel their attack on Rari Capital.

Be careful out there, guys.

I’ve been thinking that there might be the possibility of using DSLA protocol so that Viper can earn rewards for a good SLA and put those rewards into the compensation fund. And if for some reason Viper fails to deliver the SLA (because of an exploit or something) the DSLA protocol could be use to compensate users already taking part in DSLA plus those users who haven’t taken part could be compensated too by using the fund.
I think this is possible but I don’t know how to put it to work, which could be discussed with the DSLA team.

1 Like

I seem to remember Pujar mentioning that DSLA isn’t technically an insurance, so it wouldn’t be able to cover lost securities from a hack. Would need to set something up with Nexus Mutual. DSLA is more of a bonus/malus system that triggers on preset performance objectives (usually related to infrastructure)i.e. the Viperswap website went down for x hrs. At any rate, if there is anything left of that “bonus” Viper, I would put it towards insurance.

just curious, if they hack in whats stopping them from taking from the safu fund vs the open funds! haha

Thank you for this idea. The security of the exchange is of the utmost importance to the Viper Team. We will certainly take a look at this suggestion.

1 Like