Links

Security FAQ

Q: How does BendDAO stay secure?

A: BendDAO team has spent all the necessary resources in order to ensure that the protocol matches the highest security standards.
https://docs.benddao.xyz/portal/risk/security-and-audits

Q: How can timelocks protect users?

A: Timelocks are used to add a delay of key operations such as contracts upgrading and token transferring, enabling users to know the operations and take action before the protocol operations really take effect. This time delay gives users a chance to exit protocol if the team becomes malicious or compromised.
  • All boundNFT Protocol Contracts - 7 days timelocks
  • All BendDAO Lending Protocol Contracts - 24 hours timelocks

Q: How can users monitor timelocks?

A: Users can set up alerts using Etherscan. Emails will be sent once any contract change is confirmed on a contract address including funds transactions and protocol upgrades. Here is the guide on how to set up email notifications. https://info.etherscan.com/watch-list/
All boundNFT Protocol Contracts - 7 days timelocks: https://etherscan.io/address/0x4e4C314E2391A58775be6a15d7A05419ba7D2B6e
All BendDAO Lending Protocol Contracts - 24 hours timelocks: https://etherscan.io/address/0x652DB942BE3Ab09A8Fd6F14776a52ed2A73bF214

Q: Why does BendDAO use upgradeable proxy contracts?

A: The reason why we use an upgradeable proxy for the BendDAO contracts is to make sure the funds are safe. The team can improve the functionality with the upgradeable proxy if some bugs are found.
To avoid trust issues, all contracts have timelocks. Timelocks are a smart contract feature that states that upgrades will only be performed after a certain period of time rather than immediately. All users have a window of time to take action before upgrades really take effect.
  • All boundNFT Protocol Contracts - 7 days timelock
  • All BendDAO Lending Protocol Contracts - 24 hours timelock

Q: I worry about the rug pull, what if BendDAO rug pull?

A: A rug pull in the crypto is when the team suddenly abandons a project and sells or removes all its liquidity from the Dex.
DAO members instead of the team provide all BEND/ETH liquidity on Uniswap. The first team token release will happen on May 9th, 2023 at 14:29 UTC. The team doesn’t have any BEND tokens now.

Q: What if the BendDAO team takes away all bluechip NFTs and ETH from the lending pool?

A: Technically, only the borrowers’/ lenders’ addresses can call the withdrawal function. More details of the BendDAO protocol: https://github.com/BendDAO

Q: What if the BendDAO team whitelists their addresses to withdraw all bluechip NFTs and ETH from the lending pool?

A: Technically, the team is not able to do that. But even if the team can, there will be a delay in implementation because of the timelocks. Timelocks enable users to know the updates and take action before the protocol upgrades really take effect. This time delay gives users a chance to withdraw all assets and exit the protocol if the team becomes malicious or compromised.
More details of the BendDAO protocol: https://github.com/BendDAO

Q: Any insurance for BendDAO smart contracts?

A: No. Since insurance would not work for scalable protocol. And no insurance really covered the loss of DeFi exploitations before. Secure operations and audits are the keys to diminishing risks of security vulnerabilities instead of insurance.