How DeFiHelper Keeps Your Funds Safe

DeFiHelper
3 min readMar 4, 2022

--

Security is a matter of life and death for all cryptocurrency users. How do we address it in DeFiHelper?

When designing the service, we built its foundations based on three core requirements:

  • Flexibility: the user can withdraw their funds at any time or perform actions manually, and the service should not be limited to certain contracts. The system must be universal and flexible in terms of connecting new protocols and blockchains, some of which don’t even exist yet.
  • Development speed: the protocol receives its commissions for automated actions it performs, and new protocols need to be quickly integrated into the DFH ecosystem.
  • Security: the service must not have access to the user’s private keys, and hacking any of the system’s separate components should not jeopardize clients’ funds.

These requirements have naturally led us to the decision to split the protocol into two layers.

The base layer is the DFH governance token, the governance system, and the voting mechanism. This layer is powered by the Ethereum blockchain network and controls everything in the protocol.

The second layer is full automation at the level of each individual protocol contract. The protocol currently works with the Ethereum, Binance Smart Chain, Polygon, Avalanche, and Moonriver networks.

It is essential to point out that DeFiHelper is a decentralized, non-custodial service and does not store users’ funds in liquidity pools. DFH has no control over users’ funds and the service cannot allocate them at will. Unlike AutoFarm and other similar applications, the protocol does not place its users’ funds in liquidity pools (vaults) and does not exchange the funds for liquidity pool tokens. Why is this an important factor to point out? When the funds are sent to the pool, the user loses control over them. If this protocol is hacked, partially or entirely, all the funds in the pool are placed at risk.

Our technical team has taken a different approach towards development. When the auto-staking function is activated or a custom automation is created using the constructor feature, DeFiHelper deploys an individual contract for each user. The source code of the contract is open, and anyone can check which functions are available to the owner of the contract, and which are designed for the service. Here is an example of a contract. Pay attention to the onlyOwner modifier, since it is assigned to methods that can only be called by the owner of the contract — the user of DFH.

The DeFiHelper architecture allows users to conduct transactions on the blockchain in the user’s stead and at the same time safeguards their funds. If the private keys of individual service modules (the Inspector or Consumer) are compromised, only the current balance of these wallets with accrued interest from auto-staking can be stolen, but the bulk of the deposit will remain intact. The most that an attacker can do is write off the funds to the treasury of the protocol. Any funds located in the treasury can be withdrawn only via the on-chain voting of DFH token holders.

The source code behind DeFiHelper’s smart contracts has been audited by HashEx. The code is open and anyone willing can check it for vulnerabilities and see which functions are available to the owner of the contract, and which are designed for the service.

Summary:

  • The protocol is architecturally divided into two layers to ensure a maximum degree of security, and transparency.
  • DeFiHelper does not have access to its users’ wallet private keys.
  • Users have full control over their funds.
  • DeFiHelper performs only the actions that users allow via a special contract that is always under their control.
  • DeFiHelper cannot lose its users’ deposits. This can only happen when the attack is directed from other vectors, such as a wallet hack or an attack on the protocol in which the deposit is kept.
  • The code behind DeFiHelper is open and has been audited by reputable information security specialists.

Links

DeFiHelper Website | Litepaper | News Channel (EN) | News Channel (RU) | Chat (EN) | Chat (RU) | Twitter | Discord | Github | Math Behind DeFiHelper

--

--

DeFiHelper

The most advanced non-custodial DeFi investment tool on the market