1. Audits

• Audit report from BlockSec (Source)

• Audit report from PeckShield (Source)

2. Bug Bounty Program on ImmuneFi

ExtraFi runs a bug bounty program on ImmuneFi that rewards whitehats for reporting valid vulnerabilities in our code. You can find further information on this program here.

3. Partnered with InsurACE, a decentralized cover platform

Users can buy covers for their ExtraFi positions via the InsurAce app. Learn more here.

4. Secured by 'Chainlink Price Feeds' and 'TWAP Protection'

Time-Weighted Average Price (TWAP) model is implemented in Extra Finance's smart contract to safeguard against abnormal price fluctuations and potential malicious price manipulation.

Chainlink price feed is also aggregated on Extra Finance, it is used to avoid abnormal price fluctuation.

5. Constrained Admin Access

• No fund withdrawal function is designed for admin in smart contracts.

• Multi-sig authentication is implemented for contract configurations, such as parameters like protocol fee, liquidation threshold, reserve rate, etc.

• Upgrades on contract configurations are subject to a governance process, which includes a set of procedures and guidelines. This process involves multiple levels of review and approval from various stakeholders and serves to ensure transparency and consistency in managing changes to contract configurations.

• The 'owner' role of the EXTRA token contract has been invalidated, meaning that no further new mints are possible. (Verify Here)

6. Risk Control in Farming Pool Configurations

In order to mitigate the risk of lenders facing potential bad debt during market volatility and to safeguard leveraged users from possible liquidations due to inadequate liquidity, Extra Finance has instituted a series of measures for the listing of farming pools. These measures necessitate that these pools meet vital liquidity thresholds. Additionally, when configuring leveraged farming pools, careful consideration will be given to the following factors:

• Price Stability: The TVL of a liquidity pool, combined with the stability of the underlying assets' prices, will play a pivotal role in determining the maximum allowable leverage factor for a specific farming pool.

• Asset Credibility: Assets that are new to the market or possess lower credibility will be subject to restrictions on

  • The maximum leverage factor

  • The maximum value (or 'credit') that a leveraged pool can borrow from lending pools (This is why there are instances when users cannot open new positions, even if there are still assets available in the lending pools)

  • A lower debt ratio can be subject to liquidation, this implies that emerging asset liquidity pools could experience earlier liquidation compared to more established mainstream pools.

References:

1. https://github.com/blocksecteam/audit-reports/blob/main/solidity/blocksec_extrafinance_v1.0-signed.pdf

2. https://github.com/peckshield/publications/tree/master/audit_reports/PeckShield-Audit-Report-ExtraFi-v1.0.pdf