Security and audits
Full details on the security and risk mitigation strategies that Gro has in place
At Gro we are committed to the highest quality of engineering and will use whatever tools are needed to produce a product exceptional in performance and safety. We have completed several audits and reviews of our smart contracts with PeckShield, Fixed Point Solutions (Kurt Barry) and Code Arena. More information on this is available below.
In addition to audits, Gro offers a Bug Bounty program with Immunefi. The maximum payout has been raised from $60,000 to $1,000,000 and more information on this is available below.
Gro Bug Bounties | Immunefi

Managing Exposure

The Gro Protocol portfolio is optimised for stability and safety, not just for the highest possible yields. The Risk Balancer tracks exposure to tokens and protocols and keeps a running calculation of the maximum exposure allowable before the integrity of the PWRD deposit protection is compromised. This makes the system resilient to the failure of individual stablecoins or protocols.

Risk Balancing & Stability

The Risk Balancer has mechanisms so that user interactions themselves continuously push the system towards equilibrium by swapping in and out of under- or overexposed assets. If exposures nevertheless go out of bounds at any time, the protocol will call a system rebalance to restore equilibrium.

Attack Resistance

We have added various mechanisms to prevent common smart contract attacks.
  • Price & oracle manipulation: We use Curve to price assets during deposits and withdrawals for the most responsive and accurate asset pricing. Because Curve can be manipulated with flash loans, we also sanity-check stablecoin price ratios against an external third-party price oracle (Chainlink).
  • Smart contract interactions: In the short term, we are blocking smart contracts from interacting with the protocol (only allowing tx.origin == msg.sender), which also acts as an additional flash loan attack protection.
  • Withdrawal fee: Finally, a small HODL contribution/bonus/fee prevents front-runners from taking advantage of harvests, and prevents attack vectors that would take advantage of minor price changes.
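
The price sanity check from the first bullet, as an added sketch that is not Gro's own contract code: a Curve quote is accepted only if it stays within a tolerance of the ratio of two Chainlink feeds. The contract name, function names, tolerance and staleness window are assumptions; `get_dy` and `latestRoundData` are the public Curve and Chainlink interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Chainlink price feed interface; feed addresses are supplied by the caller.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Curve StableSwap quote function as exposed by plain stablecoin pools.
interface ICurvePool {
    function get_dy(int128 i, int128 j, uint256 dx) external view returns (uint256);
}

// Hypothetical sketch: names, tolerance and staleness window are assumptions, not Gro's values.
contract PriceSanityCheck {
    uint256 public constant BPS = 10_000;
    ICurvePool public immutable pool;
    uint256 public immutable toleranceBps; // allowed deviation; must exceed the pool's swap fee
    uint256 public immutable maxAge;       // seconds before an oracle answer counts as stale

    constructor(ICurvePool _pool, uint256 _toleranceBps, uint256 _maxAge) {
        pool = _pool; toleranceBps = _toleranceBps; maxAge = _maxAge;
    }

    // Oracle price scaled to 18 decimals; reverts on non-positive or stale answers.
    function _oraclePrice(AggregatorV3Interface feed) internal view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "bad oracle answer");
        require(block.timestamp - updatedAt <= maxAge, "stale oracle");
        return uint256(answer) * 1e18 / (10 ** feed.decimals());
    }

    // True when the Curve quote for 1 unit of coin i in coin j is within tolerance of the oracle ratio.
    function isSafe(int128 i, int128 j, uint8 decI, uint8 decJ,
                    AggregatorV3Interface feedI, AggregatorV3Interface feedJ)
        external view returns (bool)
    {
        uint256 out = pool.get_dy(i, j, 10 ** decI);      // coin j received for 1 coin i (after fee)
        uint256 curveRatio = out * 1e18 / (10 ** decJ);    // price of i in j, 18 decimals
        uint256 oracleRatio = _oraclePrice(feedI) * 1e18 / _oraclePrice(feedJ);
        uint256 diff = curveRatio > oracleRatio ? curveRatio - oracleRatio : oracleRatio - curveRatio;
        return diff * BPS <= oracleRatio * toleranceBps;   // reject quotes from a skewed pool
    }
}
```

A deposit or withdrawal path would call `isSafe` before using the Curve price and revert when it returns false, so a pool skewed inside the same transaction cannot set the price.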

Reminder about Risk

DeFi is still a very new space, and while that's exciting, it comes with risk. Gro Protocol's software helps you access this world, but make sure you do your own research and only supply assets you can afford to lose.