gro Docs
dAppBlogVideosTwitter
Search…
Gro Protocol
PWRD & Vault
Understanding PWRD & Vault
System exposure
Vault <-> PWRD interaction
PWRD Stablecoin
Vault
Smart contract interaction
Fees
Pools
Understanding Pools
How to stake & unstake
GRO tokens
Understanding Tokenomics
Vesting mechanism
How to claim rewards
How to track GRO rewards
DAO Governance
Governance
DAO Treasury
Grants program
LABS (Avalanche)
Understanding Labs
Case study: AVAX price drops
How to deposit into Labs
How to migrate to new Labs
FAQs
dapp: wallet connections
Metamask
Argent
Protocol security
Audits
Bug Bounty
Safety mechanisms
Contract addresses
PWRD & Vault
Pools & Vesting
Labs (Avalanche)
Frequently Asked Questions
General FAQs
Vote 16: FAQs
Official links
gro Home Page
Roadmap
Discord
Telegram Announcements
Telegram Discussion
Twitter
Community Forum
Snapshot votes
Archives
"Gro 4 All" Airdrop
"Early Frens" Airdrop
Gro DAO token launch (LBP)
Introduction to DeFi
Powered By GitBook
Safety mechanisms

Managing Exposure

Gro Protocol is optimised also for stability and safety and not just the highest possible yields. Risk Balancer keeps track of exposure to tokens and protocols and keeps a running calculation of the maximum exposure allowable before compromising the integrity of the PWRD deposit protection. This allows the system to be resilient to failure of stablecoins or protocols.

Risk Balancing & Stability

Risk Balancer has mechanisms so that the user interactions themselves continuously push the system towards equilibrium by swapping in and out of under- or overexposed assets. If exposures despite this happens to go out of bounds at any time, the protocol will call a system rebalance to ensure equilibrium.

Attack Resistance

We have added various mechanisms to prevent common smart contract attacks.
  • Price & oracle manipulation: We use Curve to price assets during deposits and withdrawals for the most responsive and accurate asset pricing. Because Curve can be manipulated with flash loans, we are also sanity checking stablecoin price ratios with an external third-party price oracle (Chainlink). Learn more about this in the next section.
  • Smart contract interactions: In the short term, we are blocking smart contracts from interacting with the protocol (only allowing tx.origin == msg.sender), which also acts as an additional flash loan attack protection.
  • Withdrawal fee: a small withdrawal fee of 0.5% prevents front-runners from taking advantage of harvests, and prevents attack vectors that would take advantage of minor price changes.
  • Strategy slippage control: if a withdrawal would cause over 1% in slippage due to its size relative to the assets allocated to the strategy from which it pulls funds, the withdrawal would not be able to proceed. Please reach out in Gro discord if this is the case.

Price & oracle manipulation: mitigated by safety checks

A "safety check" is implemented to ensure deposits and withdrawals are not affected by price oracle manipulations. This check compares the relative price of DAI, USDC, and UST cached in the last harvest and Chainlink. Learn more about it below:
Gro Integrates Industry-Leading Oracle Solution Chainlink for Enhanced Price Accuracy
Medium
If safety check returns false, deposits and withdrawals would be paused until Chainlink and Curve agree on the stablecoin prices. This is because both DepositHandler and WithdrawHandler smart contracts require the safety check to be True for transactions.
If you are trying to make transactions on the dApp when this happens, you would get a "Recalibration in Progress" notification.
You can also see if the safety check returns false by viewing the safetyCheck variable in the Buoy3pool smart contract here. See the screenshot below showing when it returns True.
When the safetyCheck returns False, deposits and withdrawals would be put on pause (see the following _withdraw function line 5 for implementation). You can see the deposit equivalent in DepositHandler contract which you can find in Protocol operations
1
function _withdraw(WithdrawParameter memory parameters) private {
2
IController _ctrl = ctrl;
3
IBuoy _buoy = buoy;
4
_ctrl.eoaOnly(msg.sender);
5
require(_buoy.safetyCheck(), "!safetyCheck");
6
​
7
uint256 deductUsd;
8
uint256 returnUsd;
9
uint256 lpAmountFee;
10
uint256[N_COINS] memory tokenAmounts;
11
12
uint256 virtualPrice = _buoy.getVirtualPrice();
13
if (parameters.all) {
14
deductUsd = _ctrl.getUserAssets(parameters.pwrd, parameters.account);
15
returnUsd = deductUsd.sub(deductUsd.mul(withdrawalFee(parameters.pwrd)).div(PERCENTAGE_DECIMAL_FACTOR));
16
lpAmountFee = returnUsd.mul(DEFAULT_DECIMALS_FACTOR).div(virtualPrice);
17
18
} else {
19
uint256 userAssets = _ctrl.getUserAssets(parameters.pwrd, parameters.account);
20
uint256 lpAmount = parameters.lpAmount;
21
uint256 fee = lpAmount.mul(withdrawalFee(parameters.pwrd)).div(PERCENTAGE_DECIMAL_FACTOR);
22
lpAmountFee = lpAmount.sub(fee);
23
returnUsd = lpAmountFee.mul(virtualPrice).div(DEFAULT_DECIMALS_FACTOR);
24
deductUsd = lpAmount.mul(virtualPrice).div(DEFAULT_DECIMALS_FACTOR);
25
require(deductUsd <= userAssets, "!withdraw: not enough balance");
26
}
27
uint256 hodlerBonus = deductUsd.sub(returnUsd);
28
​
29
bool whale = _ctrl.isValidBigFish(parameters.pwrd, false, returnUsd);
30
​
31
32
if (parameters.balanced) {
33
(returnUsd, tokenAmounts) = _withdrawBalanced(
34
parameters.account,
35
parameters.pwrd,
36
lpAmountFee,
37
parameters.minAmounts,
38
returnUsd
39
);
40
41
} else {
42
(returnUsd, tokenAmounts[parameters.index]) = _withdrawSingle(
43
parameters.account,
44
parameters.pwrd,
45
lpAmountFee,
46
parameters.minAmounts[parameters.index],
47
parameters.index,
48
returnUsd,
49
whale
50
);
51
}
52
​
53
_ctrl.burnGToken(parameters.pwrd, parameters.all, parameters.account, deductUsd, hodlerBonus);
54
​
55
emit LogNewWithdrawal(
56
parameters.account,
57
_ctrl.referrals(parameters.account),
58
parameters.pwrd,
59
parameters.balanced,
60
parameters.all,
61
deductUsd,
62
returnUsd,
63
lpAmountFee,
64
tokenAmounts
65
);
66
}
Copied!
​

Reminder about Risk

DeFi is still a very new space, and while that's exciting, it comes with risk. Gro Protocol's software helps you access this world, but make sure you do your own research and only supply assets you can afford to lose.
Protocol security - Previous
Bug Bounty
Next - Contract addresses
PWRD & Vault
Last modified 12d ago
Copy link
Contents
Managing Exposure
Risk Balancing & Stability
Attack Resistance
Price & oracle manipulation: mitigated by safety checks