🔒
Security
We take your safety very seriously.

Our Approach

The Byte Masons team is comprised entirely of Kernel0x security fellows, with a pair of smart-contract developers and a pair of front-end developers. We are meticulous in our development practice, and look over every line of code multiple times each before shipment. We take decentralized finance very seriously, and would never release software we aren't 100% sure is safe.
We back this up by putting our own funds into our software alongside yours. We believe wholeheartedly in our ability to deliver bug-free smart contracts, and seek to give you enough high-quality, real-time analytics to see everything is performing according to our specifications.
We have integrated fail-safes in our contracts to help protect you from third-party security failures. If a farm provider decides to exit-scam or is exploited, we can withdraw all funds and return them to the vault so you can remove them from the system without issue. We look over all contracts we integrate to ensure their farms don't have any backdoors, and will alert you to any potential vulnerabilities when we add them to our site.
Our approach in three statements:
  1. Be Selective - Only partner with trusted, established protocols.
  2. Be Cautious - Do not blindly chase whatever tech or protocol is currently in fashion.
  3. Be Thorough - Double, triple, quadruple check your work. Have as many knowledgeable eyes review your code as possible.

Picking Partners

We can design the best crypts in the world and it would not matter if the underlying farm was a scam. We do our best to vet our potential partners to ensure we do not expose Reaper Farm users to unnecessary risks. To this end, we also evaluate the longevity of a partner. We have no interest in integrating protocols that are designed to shut down or fail after one year.

The Strategists

The developers who design new crypts are known as strategists, as they create the strategy contract that will operate inside the crypt. Our strategists are committed to the development of secure and functional code. We incentivize this commitment by offering strategists a share of all profits on crypts they have designed. This guarantees that it is in their best interest to produce quality contracts that can stand the test of time.

The Internal Process

The implementation of a new and relatively simple strategy proceeds like this:
  1. Strategist proposes strategy to the team and it is either approved or denied.
  2. Strategist writes up the code, adhering to basic guidelines (make sure every function works).
  3. A pull request is made and the team conducts asynchronous reviews. This means team members review the code on their own and report findings later.
  4. Once the code has been reviewed by four different security researchers it is passed over to our head of security, Goober. If he is unsatisfied, he passes it over to Bebis.
  5. Once everyone is happy it goes live!
For more complicated strategies everything proceeds like above up to step 3:
  4. After asynchronous reviews, the whole team gets on a call to conduct a synchronous review. Someone shares the code on their screen and everyone goes through the code line-by-line, together.
  5. Upon Goober's approval, the strategy is pushed live on Pain.Finance for further production testing.
  6. If there are no problems with the strategy on Pain.Finance it is moved to the main site.
The most complicated strategies, those with entirely novel features, are also subjected to a Certik audit prior to being posted on Pain.Finance. We retain Certik on a monthly contract for this express purpose.

Pain.Finance

Pain Finance is the home for novel Reaper Farm strategies. Strategies on Pain use code that is new to DeFi or uses existing code in unique ways. In order to fully test these strategies they must undergo production testing. That means they have to actually see real use, ergo Pain.Finance.
To make sure eager users don't throw too much into these unique crypts we have implemented deposit caps. These deposit caps grow over the lifetime of the crypt and are removed entirely when the crypt is moved to the main site.

Security Disclosures

We have secured our contracts tightly against technical attack vectors, but there are still some things you should know before putting your money in our crypts.
Our vaults can be upgraded with new strategies
Though we likely won't be performing any upgrades, we maintain the ability to do so behind a 5-day Timelock. We will create additional transparency measures as we move further into beta so you can see if any Timelock has been activated from our front end. All our contracts are also verified on FTMScan, so you can check anytime to see if there have been any changes proposed.
Down the line, we would like to move these powers to governance. As our community expands, we will try our best to become as decentralized as possible. We expect a Gnosis deployment on Fantom in July or August, and will move all our keys there once it's available.
In the meantime, Justin Bebis of the Byte Masons holds upgrade powers and keys to the treasury. He practices extreme operational security and is ready to fend off even the most brutal cryptanalysis techniques.
Please rest assured we cannot take your coins from you while they're in our crypts.