About our security mechanisms

As you know, we recently developed and migrated to a new version of ApeRocket, called V2, with more possibilities, more features and, most importantly, enhanced security.

In this post, we want to come back to the security of the platform, given the recent upsurge in attacks (especially flash loan attacks) resulting from the increasingly massive adoption of cryptocurrencies.

When we created our V2, we studied the best way to secure our platform and it seemed obvious that the best solution was to include a block-lock system.

In order to understand how we can prevent these attacks, it is important to know how flash loans work.

How a flash loan works:

The principle of a flash loan: an instant loan without any counterparty risk, which does not require any collateral, as long as it is repaid in a single transaction.

This feat is made possible by the way the loan is structured: the borrower must take out, use and repay the money in a single transaction on the blockchain. With this structure, the counterparty risk is zero, because the money is only lent if all three actions are executed within that transaction.

In steps, this gives:

1) Borrow capital.

2) Use this capital to perform any desired logic. In the case of an attack, this can be an atomic price manipulation, etc.

3) Repay the debt with the flash loan fees and keep the profit.

Note that technically the transaction must perform actions 1 and 3 to be valid. In case of errors or bad manipulations, the transaction is cancelled and is therefore less costly. Flash loans are used for arbitrage, to keep an equilibrium in the liquidity of the various money markets (for example, keeping the same price between Apeswap and Pancakeswap when a price difference appears between the two exchanges), but they are also used by bad actors to borrow the large amounts of capital needed to maximize their exploit gains.

What we have put in place to overcome this:

To maximize security, we have restricted access to our contracts. Any project or individual that wants to interact with our vaults using a contract needs two things:

  • Approval from the community, by xSPACE holders.
  • Approval from the core team, with validation of code quality and audits.

The second mechanism put in place to prevent economic attacks is role management. The keeper is the role whose purpose is to calculate how much Space can be minted whenever a harvest occurs. No one else can do this, only the keeper.

The third mechanism is the block-lock. Key actions such as deposit, withdraw and claim rewards are under a block-lock. This means that these actions cannot be performed in the same transaction, and that applies to us too. This mechanism is an additional measure, but it should not be needed because, as explained above, no contract can interact with ApeRocket unless it is whitelisted.
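The whitelist and block-lock described above, as a small Python model added here for illustration (it is not ApeRocket's contract code). It assumes the lock is keyed by caller address and block number; `Vault`, `run_transaction`, `0xBot` and `alice` are hypothetical names, and all inputs are constructed.

```python
import copy

class Revert(Exception): pass  # a failed call: the whole transaction rolls back

class Vault:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)   # contracts approved to interact
        self.balances = {}                # caller -> deposited amount
        self.last_action_block = {}       # caller -> block of last key action

    def _guard(self, caller, is_contract, block):
        if is_contract and caller not in self.whitelist:
            raise Revert("contract not whitelisted")  # access restriction
        # Block-lock (assumed design): one key action per caller per block.
        if self.last_action_block.get(caller) == block:
            raise Revert("block-locked")
        self.last_action_block[caller] = block

    def deposit(self, caller, amount, block, is_contract=False):
        self._guard(caller, is_contract, block)
        self.balances[caller] = self.balances.get(caller, 0) + amount

    def withdraw(self, caller, amount, block, is_contract=False):
        self._guard(caller, is_contract, block)
        if self.balances.get(caller, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[caller] -= amount

def run_transaction(vault, block, steps):
    snapshot = copy.deepcopy(vars(vault))  # state to restore on revert
    try:
        for step in steps:                 # every step runs in the same block
            step(vault, block)
        return "ok"
    except Revert as exc:
        vars(vault).update(snapshot)       # atomic: undo all earlier steps
        return f"reverted: {exc}"

def same_tx_round_trip(whitelisted):  # contract deposits and withdraws in one tx
    vault = Vault(whitelist={"0xBot"} if whitelisted else ())
    steps = [lambda v, b: v.deposit("0xBot", 1000, b, is_contract=True),
             lambda v, b: v.withdraw("0xBot", 1000, b, is_contract=True)]
    return run_transaction(vault, 100, steps), dict(vault.balances)

def two_block_round_trip():  # user deposits in block 100, withdraws in block 101
    vault = Vault()
    first = run_transaction(vault, 100, [lambda v, b: v.deposit("alice", 50, b)])
    second = run_transaction(vault, 101, [lambda v, b: v.withdraw("alice", 50, b)])
    return first, second, dict(vault.balances)
```

Because a flash loan has to be repaid in the transaction that borrowed it, a deposit followed by a withdraw inside that transaction hits the lock and the deposit is rolled back too, while a user acting in two different blocks is unaffected.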

These mechanisms contribute to the security of the platform, but zero risk does not exist, especially in DeFi.

That is why we invite all the crack devs from our community to actively take part in the security of the platform through a Bug Bounty Program and try to earn up to $100K. (Our application for an ImmuneFi program is under review at the moment and should be up next week; in the meantime, we manage the bug bounty directly, so you can DM us.)

Head over here for more details: https://aperocket.gitbook.io/ape-rocket/security/bug-bounty-program

We hope that this has helped you see things a little more clearly and better understand these concepts inherent to blockchain. If you still have questions, don’t hesitate to contact us on Telegram, Discord or Twitter and we will be happy to answer you.

YieldRocket

DeFi yield farming aggregator and optimizer for Binance Smart Chain