Astrolab's smart contract risks can be divided into two categories:
- Core contract risks
- Third-party risks
Astrolab aims to involve the community to the fullest extent possible for both risk categories in order to ensure the safest evolution of the protocol.
Core contract risks
Astrolab’s core contracts are responsible for processing Crate accounting, optimizing routing to/from farming pools and communicating with other chains. A core contract failure would pose a systemic risk to the entire protocol.
Significant resources must therefore be allocated to ensure their integrity and that any attempted exploit is swiftly mitigated. This entails audits from third parties, in addition to other defensive measures such as upgradability and smart contract monitoring to pause the protocol should a threat be detected.
Governance can vote on measures such as ordering new audits, funding bug bounties and purchasing external insurance.
Third-party risks
The protocol is exposed to third-party yield aggregation risks when depositing assets into farming pools. Internal auditing and due diligence should be performed before adding a new pool to any Crate portfolio. Adequate diversification should also mitigate excessive exposure to any single farming pool.
Each pool receives a grade which reflects its underlying risk profile and expected profitability, and is used to decide where deposits are directed. A ‘Conservative Crate’ should not deposit into a risky pool, and an ‘Aggressive Crate’ should limit its exposure if the pool does not meet a safety threshold.
Smart contract risk assessment requires human intervention and as such cannot be fully automated. The Astrolab core team and community will jointly determine the optimal portfolio for each Crate.
Governance participation from users is highly incentivized to mitigate any potential downsides, as it is the stakers that bear the protocol’s risk. Teams of internal auditors can be assigned to review strategies, and a network of watchers can be tasked with warning Astrolab about risk increases pertaining to farmed protocols.