Security

Frequently Asked Questions (FAQ) for Gamma's audits and security measures

Has Gamma been audited?

Yes, Gamma has been audited several times. Please visit our Audits page to learn more and read our audits. Consensys Diligence and Arbitrary Execution conducted very thorough audits of our protocol.

Does Gamma have a bug bounty?

Yes, Gamma has a bug bounty with Immunefi for up to $50,000. Gamma is happy to discuss minor bugs and fixes on a case-by-case basis. Don't hesitate to contact us if you want to discuss a bug.

Why do you require token approvals on every deposit?

Gamma requires token approvals on every deposit for security purposes. Gamma feels the cost is minor compared to the security gains from additional approvals, particularly on layer-2 networks.

Why are single-sided deposits not active?

Single-sided deposits have a reputation for being unsafe. They're prone to oracle manipulation. They require the protocol to swap some of the deposited tokens to deposit. This increases the costs associated with depositing. In concentrated liquidity, the pair ratio frequently changes, complicating single-sided deposits even more.

Gamma has some ideas about making single-sided deposits work. We left the option up on our user interface for when those solutions are available. They will be announced when they are.

How do you test your products before release?

Gamma goes through extensive testing procedures before and after updates are sent to production. Several individuals worldwide, with different skill levels, ISPs, wallets, browsers, hardware, and funds will evaluate changes before and after release. Everyone on the team is a "tester" and can report results on our testing workspace.

How does Gamma avoid oracle exploits?

Gamma's proxy contract uses a time-weighted average price (TWAP) to ensure that assets whose price has been inflated (typically via a flash loan) are not deposited into our vaults. We consider it a major safety concern not to have the TWAP for our pools.
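
The kind of check this answer describes, as an added example that is not Gamma's contract code: a deposit guard compares a pool's spot price with a TWAP and refuses the deposit when the two diverge. The price accumulator, the one-hour window, the 1% threshold and all names and prices are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PriceOracle:
    """Accumulates price * seconds so any window's average can be derived."""
    obs: list = field(default_factory=list)  # (timestamp, cumulative, price)

    def record(self, timestamp: int, price: float) -> None:
        cumulative = 0.0
        if self.obs:
            last_t, last_cum, last_price = self.obs[-1]
            if timestamp < last_t:
                raise ValueError("timestamps must not go backwards")
            # The previous price was in force from last_t until this update.
            cumulative = last_cum + last_price * (timestamp - last_t)
        self.obs.append((timestamp, cumulative, price))

    def spot(self) -> float:
        return self.obs[-1][2]

    def twap(self, window: int) -> float:
        if window <= 0 or not self.obs:
            raise ValueError("need a positive window and at least one observation")
        now_t, now_cum, _ = self.obs[-1]
        start = now_t - window
        older = [o for o in self.obs if o[0] <= start]
        if not older:
            raise ValueError("not enough history for this window")  # fail closed
        t, cum, price = older[-1]
        cum_at_start = cum + price * (start - t)  # accumulator value at window start
        return (now_cum - cum_at_start) / window

def deposit_allowed(oracle: PriceOracle, window: int, max_deviation: float) -> bool:
    """Reject the deposit when spot has moved too far from the TWAP."""
    twap = oracle.twap(window)
    return abs(oracle.spot() - twap) / twap <= max_deviation

def sample_oracle() -> PriceOracle:
    # Constructed sample: one hour of ordinary price updates.
    oracle = PriceOracle()
    for ts, price in [(0, 2000.0), (600, 2004.0), (1200, 1998.0), (1800, 2001.0), (3600, 2002.0)]:
        oracle.record(ts, price)
    return oracle

if __name__ == "__main__":
    oracle = sample_oracle()
    print("normal market, deposit allowed:", deposit_allowed(oracle, 3600, 0.01))
    oracle.record(3612, 3000.0)  # constructed spike 12 seconds later
    print("twap:", round(oracle.twap(3600), 2), "spot:", oracle.spot())
    print("spiked market, deposit allowed:", deposit_allowed(oracle, 3600, 0.01))
```

The spiked price has been in force for zero seconds when the guard runs, so it carries no weight in the average; the TWAP stays near 2000 while spot reads 3000, and the deposit is refused.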

Is Gamma going to do more audits?

Gamma has plans to continue auditing its code throughout the life of the project.

How do I avoid phishing attacks while using Gamma?

Make sure you are always connecting to the proper URLs. We encourage you to click official links from our trusted pages. See our Troubleshooting / Help page for guides on how to increase your security.

Does Gamma control my funds when I'm providing liquidity?

Gamma is non-custodial. We do not control user funds. Gamma's vaults are designed to function in a decentralized manner, with no ability for team members to tamper with or use funds. As a testament to this, we have several legacy versions of our software still open to the public for access.

I received a DM from a team member. Is this legitimate?

No. The Gamma team will never DM you first. Consider all DMs a possible scam.

What has Gamma done differently than its predecessor, Visor Finance, concerning security?

After Visor merged with Gamma, a lot of operational changes were made.

1) Security audits with reputable firms were done immediately. These audits were intrusive, expensive, and time-consuming. They were also well worth it, and more will come.

2) Testing procedures were created. Extensive testing is now done on every update that is pushed to production. Absolutely no updates are done without extensive testing.

3) Additional personnel were brought on, and some staff members were let go. Gamma brought in developers who took security very seriously.

4) The decision-making structure was changed. Clearer roles and responsibilities were given to individuals. The project's leadership was shaken up, and new decision-makers are in charge of Gamma.
