Contracts & Timelocks
All addresses used are open source and verifiable. A collection of useful addresses on Beefy's chains for DeFi development are stored on GitHub: Address Book.
From the Vault UI, one can easily find the Strategy addresses and Vault addresses. Additionally, all Beefy vault contracts can be viewed on dashboard.beefy.finance. One can use this dashboard for example to check the harvesting and compounding rate of a vault.
Beefy's contracts do not use external oracles. The problem with oracles is, in short, that its data can be inaccurate or manipulated, and unreliable oracles can lead to exploits. Because Beefy's contracts do not rely on external data in any form, such as asset prices, our vaults are not susceptible to flashloan exploits.
- DAI/USDC/USDT (Curve - Avalanche) vault code: https://snowtrace.io/address/0x79A44dc13e5863Cf4AB36ab13e038A5F16861Abc#code
- WBTC (Scream - Fantom) lending strategy code: https://ftmscan.com/address/0x4374207377C1A36e386A757B774D53a0B6Ff2cEE#code
- CAKE-BNB (PancakeSwap - BNB Chain) regular strategy code: https://bscscan.com/address/0xDE238C509bcCBCd91B90dE40dF3e25B43A131311#code
Contracts are secured with timelocks and multi-sig dev wallets. A 6 hour timelock is used for agility to make needed changes to keep our contracts secure, and as an added layer of protection the timelock is governed by a 3/5 signer multisig.
Multi-signature developer wallets are used to deploy changes to contracts, such as upgrading vault strategies. This ensures a secure workflow where every change is approved by Beefy's developers.
Beefy's treasury spending is secured by requiring multiple signatures from trusted (community) members. As voted on by the DAO, the following members represent the Treasury Council: Power, AllTrades, Pablo, mjoaris, TheBeefyCow, DefiDebauchery and YR2150.