What is Smart Contract risk?

DeFi protocols rely on code to create a product - in Silo's case, a risk-isolated lending market.

Since code is written by humans, it is possible that a code base may contain vulnerabilities that are exploitable putting user funds at risk.

What precautions has Silo taken to prevent this?

There is no precaution that grants 100% protection against smart contract risk. However, Silo has undergone several audits, formal verification testing, and has a live bug bounty program.

We intend to continue this process for all major product releases to expose vulnerabilities before they have the opportunity to manifest.

Audits

Each of Silo's releases have been audited by external auditors that failed to expose any vulnerabilities in the code bases. This includes:

• ABDK Audit Report for Silo v1

• Quantstamp Audit Report for Silo v1

• Chainsecurity Audit Report for Curve LP Silos

We will continue to audit all new version of the protocol that contain major upgrades to our architecture - With over four already planned for our upcoming version 2.

Formal Verification Testing

Formal verification testing involves the repeated simulation of contract interactions against a series of written rules. This is a supplement to auditing that aims to reveal issues that may not have been exposed in a manual review.

Formal verification testing has been conducted via Certora and includes:

• Certora Formal Verification Report for Silo v1

• Certora Formal Verification Report for Chainlink Price Provider

We will continue this process for all major releases.

Bug Bounty Program

Bug bounty programs allow community whitehats to search our code for vulnerabilities in exchange for a bounty.

The bug bounty program is live on Immunefi.