Contracts & Timelocks
Beefy's contracts do not use external oracles. The problem with oracles is, in short, that its data can be inaccurate or manipulated, and unreliable oracles can lead to exploits. Because Beefy's contracts do not rely on external data in any form, such as asset prices, our vaults are not susceptible to flashloan exploits.
Contracts are secured with timelocks and multi-sig dev wallets. A 6 hour timelock is used for agility to make needed changes to keep our contracts secure, and as an added layer of protection the timelock is governed by a 3/5 signer multisig.
Multi-signature developer wallets are used to deploy changes to contracts, such as upgrading vault strategies. This ensures a secure workflow where every change is approved by Beefy's developers.
Beefy's treasury spending is secured by requiring multiple signatures from trusted (community) members. As voted on by the DAO, the following members represent the Treasury Council: Power, AllTrades, Pablo, mjoaris, TBC, DefiDebauchery and YR2150. See the Treasury page for further information about the Beefy Treasury.