Risks & Exploit Policy
Risks of using Hundred Finance and external exploit policy
Supplying liquidity to Hundred Finance does not come without significant risks. Before making any deposit, it is essential that users research and understand these risks and those involved when interacting with all forms of decentralized and trustless technology. These risks include but may not be limited to:
- Smart Contract Risk: Contracts are software and, as such, may contain bugs. It is possible that an audit catches these bugs but this is not always the case. In addition, even when contract-level bugs do not exist internally, interactions between different contracts can have unforeseen consequences that create vulnerabilities that can lead to the loss of user funds.
- Bridge Risk: Token bridges are a fledgling sector within the cryptocurrency industry and have demonstrated a high susceptibility to attack. Risks include the over-minting of assets across bridges or the draining of bridge liquidity. Both of these eventualities could be used in conjunction with a lending platform to perform an exploit that results in the loss of user funds.
- Oracle Risk: Oracles work on the principle that they have the same price across all chains. Should a localized asset price diverge from this global price, be set incorrectly, or not updated sufficiently rapidly, a vulnerability to exploitation may emerge. For example, in a case where a paused or drained bridge or bridges prevents the crosschain transfer of assets, a particular chain may see its version of said asset become unpegged from the oracle price. In such circumstances the oracle price will not account for this, potentially leading to an exploitable situation in which assets facilitate the borrowing of funds of greater value than the local version of the collateral "backing" them. Should the underlying assets fail to return to the oracle price, this would result in the under collateralization of the local deployment and the loss of user funds.
- Common Pool Risk: Assets supplied to money markets become a part of a common pool. This means that an issue affecting a single asset among them can impact the available liquidity of all the others, putting user funds at risk.
Every effort is made to ensure that user funds supplied to the Hundred Finance protocol are held within secure contracts that have been subject to audits, where appropriate. Furthermore, risk management procedures and specialized contracts have been designed for use with Hundred Finance that allow for an emergency response (manually pausing certain protocol functions) in situations deemed to merit their use. Yet despite these initiatives, crypto remains a fledgling industry and one susceptible to high levels of risk.
Hundred Finance must itself be considered to be in its 'beta phase' and only used following reasonable due diligence. Furthermore, as projects and infrastructure outside of Hundred Finance may influence assets that interact with the protocol, the vulnerability to exploitation of these externalities should also be considered before use as these factors may expose the protocol to additional risk, while also limiting the effectiveness of procedures designed to respond to an emergency.
In light of the protocol's inability to dictate the actions of others, as well as Hundred Finance's own status as emerging technology, it is not possible to guarantee the distribution of any form of compensation or the carrying out of fund recovery processes in situations where failures in external contracts or procedures result in a loss of funds.