Difference between revisions of "Rari Capital (RFT)"

From CryptoWiki

wiki_crypto>Zeb.dyor
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Rari Capital is a [[Yield Farming|yield]] harvesting tool that automatically rebalances your funds between different protocols to [[earn]] the best return.
==Basics ==
==Basics ==
* Based in: [https://www.forbes.com/sites/rorymurray/2020/08/03/teen-crypto-entrepreneurs-may-be-the-real-adults-in-the-room/?sh=4ee070cf4ce8 LA]
* Based in: [https://www.forbes.com/sites/rorymurray/2020/08/03/teen-crypto-entrepreneurs-may-be-the-real-adults-in-the-room/?sh=4ee070cf4ce8 LA]
*Founded in:
* [[Mainnet]] release: [https://medium.com/rari-capital/rari-capital-is-now-live-9c0820944d77 14-7-2020]
* [[Mainnet]] release: [https://medium.com/rari-capital/rari-capital-is-now-live-9c0820944d77 14-7-2020]
* Rari Capital is a [[Yield Farming|yield]] harvesting tool that automatically rebalances your funds between different protocols to earn the best return.
== History ==
== History ==


* The young team created a [[wallet]] called Ambo and sold it to [[MyCrypto]] and worked there for one and a half year before working on this project ([https://www.forbes.com/sites/rorymurray/2020/08/03/teen-crypto-entrepreneurs-may-be-the-real-adults-in-the-room/?sh=4ee070cf4ce8 8-3-2021]).
* Agreed to a [https://decrypt.co/250195/sec-charges-another-defi-platform-cant-hide-behind-decentralization cease-and-desist order] of the [[Securities and Exchange Commission (SEC)|SEC]] (19-9-2024).
*The young team created a [[wallet]] called Ambo and sold it to [[MyCrypto]] and worked there for one and a half year before working on this project ([https://www.forbes.com/sites/rorymurray/2020/08/03/teen-crypto-entrepreneurs-may-be-the-real-adults-in-the-room/?sh=4ee070cf4ce8 8-3-2021]).


== Audits & Exploits ==
== Audits & Exploits ==


*[[Bug bounty]] program can be found [insert here].
*Rari's is [https://immunefi.com/bounty/tribedao/ covered] by the Tribe's $2.2m [[bug bounty]] (2-6-2022).
*Scored [https://www.defisafety.com/app/pqrs/449 30%] on [[DeFi Safety]] (2-6-2022), it went down substantially due to multiple hacks:
''"As per the SLOC, there is 65% testing to code (TtC). There is no documented test report by Rari's developers. In addition, there is no code coverage report. Rari has not undergone [[Formal Verification|formal verification]]. Rari does not document whether or not they use testnets. However, other sources [https://cryptominded.com/rari-fuze-hacker-offered-10m-bounty-by-fei-protocol-to-return-80m-loot/ identify] that they use internal testnets. All of Rari's products have been audited multiple times. Some were [https://github.com/Rari-Capital/vaults/tree/main/audits/Fixed-Point-Solutions pre-deployment] and some were [https://certificate.quantstamp.com/full/fuse-contracts post-deployment]."''
 
With the [https://t.me/c/1453353094/9404 comment]:
 
''"Despite some good (yet relatively disorganized) documentation, clear contract information, and a big bug bounty offering, an unfortunate [[Reentrancy Attack|re-entrancy attack]] still occurred. However, Rari should be congratulated for its nimble auditing record. While only their vaults are documented in their repo, all Rari products have been audited at some point. In addition, there's great software function documentation covering all contracts.''
 
''Despite this, there is no clear information relating to how their admins are controlled, owned, or what capabilities for change they possess. It is also unclear what timelock process is in place and there is no information relating to pausability in case of emergency either. In addition, how their [[oracles]] function and flashloan, as well as frontrunning countermeasures, aren't clearly considered. Generally speaking, their repository could benefit from some restructuring to make navigation and subsequently improvements a little easier."''
*Previously [https://defisafety.com/2021/03/20/rari-capitol/ scored] a 74% (20-3-2021); ''"​Rari capital was released in October 20th. [[Quantstamp]] did an [https://www.notion.so/Rari-Capital-Audit-Quantstamp-December-2020-24a1d1df94894d6881ee190686f47bc7 audit] in December 2020." ''With the [https://t.me/c/1453353094/2691 comment]: ''"Good docs but weak tests and an audit done after deployment weakened the score."''
*Quantstamp audited the later hacked code ([https://twitter.com/Darrenlautf/status/1417493473385660433/photo/1 20-7-2021]).
*[https://thedefiant.substack.com/p/aaves-3m-token-sale-reveals-its-a?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo3MjU5MjAsIl8iOiIwb3pkOCIsImlhdCI6MTU5NTExMTAxMCwiZXhwIjoxNTk1MTE0NjEwLCJpc3MiOiJwdWItMTEyNTkiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.OBkGcAJ-vx4M3Ii7uEk8siMgVYE0d6zes7mhpCQ2iZ8 From] [[The Defiant]] (16-7-2020): Rari is in progress with an audit and hence unaudited. 
*[https://thedefiant.substack.com/p/aaves-3m-token-sale-reveals-its-a?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo3MjU5MjAsIl8iOiIwb3pkOCIsImlhdCI6MTU5NTExMTAxMCwiZXhwIjoxNTk1MTE0NjEwLCJpc3MiOiJwdWItMTEyNTkiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.OBkGcAJ-vx4M3Ii7uEk8siMgVYE0d6zes7mhpCQ2iZ8 From] [[The Defiant]] (16-7-2020): Rari is in progress with an audit and hence unaudited. 
*[https://defisafety.com/2021/03/20/rari-capitol/ Scored] a 74% on [[DeFi Safety]] (20-3-2021); ''"​Rari capital was released in October 20th. [[Quantstamp]] did an [https://www.notion.so/Rari-Capital-Audit-Quantstamp-December-2020-24a1d1df94894d6881ee190686f47bc7 audit] in December 2020." ''With the [https://t.me/c/1453353094/2691 comment]: ''"Good docs but weak tests and an audit done after deployment weakened the score."''
*Quantstamp audited the later hacked code ([https://twitter.com/Darrenlautf/status/1417493473385660433/photo/1 20-7-2021]).


=== Bugs/Exploits ===
=== Bugs/Exploits ===


* [https://weekinethereum.substack.com/p/week-in-ethereum-news-february-5 From] [[Week In Ethereum|Week in Ethereum]] (5-2-2022):
* [https://newsletter.blockthreat.io/p/blockthreat-week-17-2022?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJfIjoicTgvVWsiLCJpYXQiOjE2NTMwNDMzNTYsImV4cCI6MTY1MzA0Njk1NiwiaXNzIjoicHViLTgxMDUiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.m8dAg21p-Zeb4OQ7gzXAJZYJRR0v_Nvq4r6ViV8Q2Ik&s=r From] Blockthreat (3-5-2022):
''"On April 30, 2022 [[Fei Protocol (FEI)|Fei]] Protocol’s Rari pools on Ethereum and [[Arbitrum]] networks [https://rekt.news/fei-rari-rekt/ lost $80M] as a result of a [[Reentrancy Attack|reentrancy exploit]]. Rari Capital patched a price [[oracle]] manipulation [https://medium.com/@hacxyk/we-rescued-4m-from-rari-capital-but-was-it-worth-it-39366d4d1812 vulnerability] in one of its pools after it was responsibly disclosed by Hacxyk."''
*[https://weekinethereum.substack.com/p/week-in-ethereum-news-april-2-2022?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo1MTQ3MzE3NywiXyI6InhiVzljIiwiaWF0IjoxNjQ5MTI1NDExLCJleHAiOjE2NDkxMjkwMTEsImlzcyI6InB1Yi0xMDcxIiwic3ViIjoicG9zdC1yZWFjdGlvbiJ9.lsVd0F6YjPCJXM7TZr7Dcg9sDyMQ2cdM7H-r9xUyYXw&s=r From] [[Week In Ethereum|Week in Ethereum]] (2-4-2022):
''"Rari Capital: [[Fuse]] pool vulnerability [https://medium.com/@JackLongarzo/rari-capital-fuse-security-upgrade-report-e5d154c16250 disclosed], cross-asset reentrancy allowed assets to be borrowed for free, pools fixed via upgrade"''
*[https://weekinethereum.substack.com/p/week-in-ethereum-news-february-5 From] [[Week in Ethereum]] (5-2-2022):


''"[[Index Coop (INDEX)|Index Coop]] Rari pool [https://twitter.com/NoahCitron/status/1487605582584418305 attempted] attack, [[Uniswap (UNI)|Uniswap]] V3 [[TWAP]] [[oracle]] manipulation prevented by arb bot, attacker lost 68 [[Ethereum (ETH)|ETH]]."''
''"[[Index Coop (INDEX)|Index Coop]] Rari pool [https://twitter.com/NoahCitron/status/1487605582584418305 attempted] attack, [[Uniswap (UNI)|Uniswap]] V3 [[TWAP]] [[oracle]] manipulation prevented by arb bot, attacker lost 68 [[Ethereum (ETH)|ETH]]."''
Line 30: Line 43:
*[https://cryptobriefing.com/after-11m-hack-rari-capital-team-reimburse-lost-funds/ From] [[Crypto Briefing]] (10-5-2021):
*[https://cryptobriefing.com/after-11m-hack-rari-capital-team-reimburse-lost-funds/ From] [[Crypto Briefing]] (10-5-2021):


''"All of the protocol contributors decided to forego their token allocation in RGT to reimburse anyone affected by the hack. The 2,000,000 RGT (currently worth over $20 million) have been sent to the [[Decentralised Autonomous Organisation (DAO)|DAO]] in charge of both reimbursing lost funds and rewarding those who helped Rari fight the attack."''
''"All of the protocol contributors decided to forego their [[token]] allocation in RGT to reimburse anyone affected by the hack. The 2,000,000 RGT (currently worth over $20 million) have been sent to the [[Decentralised Autonomous Organisation (DAO)|DAO]] in charge of both reimbursing lost funds and rewarding those who helped Rari fight the attack."''


*[https://www.rekt.news/rari-capital-rekt/ From] [[Rekt]] (8-5-2021):
*[https://www.rekt.news/rari-capital-rekt/ From] [[Rekt]] (8-5-2021):


''"The youthful yield aggregator has fallen victim to a serial attacker, as the [https://twitter.com/JohnDoughBull/status/1391050085161656320?s=20 same] [[wallet]] which attacked [[Value DeFi]] only hours before, turned their eyes onto the Rari Capital [[Ethereum (ETH)|ETH]] pool, removing $10 million worth of ETH. The attacker decided to voice their opinion on the involved protocols, but it seems they had second thoughts, as they tried to cancel the [[Transaction (Tx)|transaction]]. However, they set the gas too low and the cancellation didn’t go through for 20 minutes, giving everyone time to see their message."''
''"The youthful yield aggregator has fallen victim to a serial attacker, as the [https://twitter.com/JohnDoughBull/status/1391050085161656320?s=20 same] [[wallet]] which attacked [[Value DeFi]] only hours before, turned their eyes onto the Rari Capital [[Ethereum (ETH)|ETH]] pool, removing $10 million worth of ETH. The attacker decided to [[voice]] their opinion on the involved protocols, but it seems they had second thoughts, as they tried to cancel the [[Transaction (Tx)|transaction]]. However, they set the gas too low and the cancellation didn’t go through for 20 minutes, giving everyone time to see their message."''


== Governance ==
== Governance ==
=== DAO ===
=== Admin Keys ===
=== Treasury ===
 
* [https://www.defisafety.com/app/pqrs/449 From] [[DeFi Safety]] (2-6-2022):
 
''"No [[Admin Key|admin control]] information is detailed in Rari's documentation. The relevant [[Smart Contract (SC)|contracts]] are not identified as [[immutable]] / upgradeable. Ownership is not clearly indicated in Rari's documentation. There is a [https://etherscan.io/address/0xD291E7a03283640FDc51b121aC401383A46cC623 brief mention] of a Rari governance token, but there is no explanation as to what it does. Smart [[contract]] change capabilities are not identified in any of Rari's [[contracts]]. This protocol's pause control is not documented. Rari has no [[timelock]] documentation."''
== Token ==
== Token ==
=== Launch ===
=== Launch ===
=== Token allocation ===
=== Token allocation ===
* From their [https://medium.com/rari-capital/announcing-rgt-the-long-term-yield-token-b2593502a7f3 blog] (7-10-2020):
* From their [https://medium.com/rari-capital/announcing-rgt-the-long-term-yield-token-b2593502a7f3 blog] (7-10-2020):
"''We will be distributing 87.50% of the token to depositors within a short 60 day period. The remaining tokens will be reserved for the team and subject to The Rari Vesting Plan."''
"''We will be distributing 87.50% of the token to depositors within a short 60 day period. The remaining [[tokens]] will be reserved for the team and subject to The Rari Vesting Plan."''


=== Utility ===
=== Utility ===
* [https://thedefiant.substack.com/p/aaves-3m-token-sale-reveals-its-a?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo3MjU5MjAsIl8iOiIwb3pkOCIsImlhdCI6MTU5NTExMTAxMCwiZXhwIjoxNTk1MTE0NjEwLCJpc3MiOiJwdWItMTEyNTkiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.OBkGcAJ-vx4M3Ii7uEk8siMgVYE0d6zes7mhpCQ2iZ8 From] [[The Defiant]] (16-7-2020):
* [https://thedefiant.substack.com/p/aaves-3m-token-sale-reveals-its-a?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJwb3N0X2lkIjo3MjU5MjAsIl8iOiIwb3pkOCIsImlhdCI6MTU5NTExMTAxMCwiZXhwIjoxNTk1MTE0NjEwLCJpc3MiOiJwdWItMTEyNTkiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.OBkGcAJ-vx4M3Ii7uEk8siMgVYE0d6zes7mhpCQ2iZ8 From] [[The Defiant]] (16-7-2020):
''"It takes [[COMP]] mined from lending Rari funds on Compound and liquidates COMP every 3 days to increase interest payments to RFT token holders, which is just the IOU token you receive in your [[wallet]] when you deposit stablecoins into Rari."''
''"It takes [[COMP]] [[mined]] from lending Rari funds on Compound and liquidates COMP every 3 days to increase interest payments to RFT token holders, which is just the IOU token you receive in your [[wallet]] when you deposit stablecoins into Rari."''
* From their [https://medium.com/rari-capital/announcing-rgt-the-long-term-yield-token-b2593502a7f3 blog] (7-10-2020):
* From their [https://medium.com/rari-capital/announcing-rgt-the-long-term-yield-token-b2593502a7f3 blog] (7-10-2020):
''"The $RGT will have a few different roles:''
''"The $RGT will have a few different roles:''
# ''Maintaining Governance: decisions to integrate new protocols, edit pool parameters, edit risk parameters, etc''
# ''Maintaining [[Governance]]: decisions to integrate new protocols, edit pool parameters, edit risk parameters, etc''
# ''Passthrough Governance: if a pool accumulates other tokens like $[[COMP]], $[[BAL]], the token can serve as a passthrough for their governance''
# ''Passthrough Governance: if a pool accumulates other tokens like $[[COMP]], $[[BAL]], the token can serve as a passthrough for their governance''
# ''Fee Discounts: the token can be used for fee discounts from the Rari Protocol''
# ''Fee Discounts: the token can be used for fee discounts from the Rari Protocol''
''$RGT will be [[burned]] on every cent made by the protocol (70% of all revenues to be exact), decreasing the total supply of the token as the protocol succeeds."'' 
''$RGT will be [[burned]] on every cent made by the protocol (70% of all revenues to be exact), decreasing the total supply of the token as the protocol succeeds."'' 
=== Token Details ===
=== Stablecoin ===
== Coin Distribution ==
== Tech ==
== Tech ==


* [[Whitepaper]] can be found [insert here].
* [[Whitepaper]] or docs can be found [https://docs.rari.capital/ here].
* Code can be viewed [insert here].
* Code can be viewed [https://github.com/Rari-Capital here]. [https://www.defisafety.com/app/pqrs/449 From] [[DeFi Safety]] (2-6-2022):
''"Their FUSE repository has some 330 [[Smart Contract (SC)|contracts]], making this tribe's history a well documented cave painting."''
* Built on: [[Melon (MLN)|Melon]], [https://medium.com/paradigm-fund/defi-in-ether-aave-v2-on-mainnet-yearn-merges-defi-looprings-zkrollup-amm-is-here-gnosisdao-2e707a419e3d From] [[Paradigm]] (8-12-2020):
* Built on: [[Melon (MLN)|Melon]], [https://medium.com/paradigm-fund/defi-in-ether-aave-v2-on-mainnet-yearn-merges-defi-looprings-zkrollup-amm-is-here-gnosisdao-2e707a419e3d From] [[Paradigm]] (8-12-2020):
"<em>Rari Capital will migrate its [[liquidity]] to its own fund on the Melon (soon to be rebranded!) Protocol in the coming weeks following the release of Melon v2."</em>
"<em>Rari Capital will migrate its [[liquidity]] to its own fund on the Melon (soon to be rebranded!) Protocol in the coming weeks following the release of Melon v2."</em>
Line 71: Line 84:
''"We automatically rebalance the funds to earn yield by:''
''"We automatically rebalance the funds to earn yield by:''
# ''Lending between lending protocols (ie [[Compound]] Finance, [[dYdX]])''
# ''Lending between lending protocols (ie [[Compound]] Finance, [[dYdX]])''
# ''Swapping between [[stablecoins]] for arbitrage and yield optimization''
# ''Swapping between [[stablecoins]] for [[arbitrage]] and yield optimization''
# ''Farming yield from protocol-based rewards (ie $COMP)"''
# ''Farming yield from protocol-based rewards (ie $COMP)"''
=== Other Details ===
* Has [https://medium.com/mstable/rari-capital-enhances-roboadvisor-platform-with-addition-of-mstable-musd-df3f7b53d544 integrated] [[mStable]] mUSD (25-9-2020)


=== Fee Mechanisms ===
== Oracle Method ==


=== Upgrades ===
* [https://www.defisafety.com/app/pqrs/449 From] [[DeFi Safety]] (2-6-2022):


=== Staking ===
''"The protocol's [[oracle]] source is documented at this location. The contracts dependent are not identified. There is no relevant software function documentation. This protocol documents no [[Frontrunners|front running]] mitigation techniques. Rari documents no [[Flash Loan|flashloan]] countermeasures."''
=== Different Implementations ===
=== Interoperability ===
=== Other Details ===
* Has [https://medium.com/mstable/rari-capital-enhances-roboadvisor-platform-with-addition-of-mstable-musd-df3f7b53d544 integrated] [[mStable]] mUSD (25-9-2020)


== Oracle Method ==
== Privacy Method ==
== Compliance ==
== Compliance ==
* [https://decrypt.co/250195/sec-charges-another-defi-platform-cant-hide-behind-decentralization From] [[Decrypt (DCPT)|Decrypt]] (19-9-2024):
''"The United States [[Securities and Exchange Commission (SEC)]] announced that it has reached an agreement to settle previously unannounced charges against Rari Capital.''
''The regulator alleged that Rari Capital and co-founders [[Jai Bhavnani]], Jack Lipstone, and David Lucid misled investors and that the platform served as an unregistered broker. Rari Capital's platforms held more than $1 billion worth of assets at one point, the SEC said.''
''Rari Capital and the founders did not admit or deny the SEC's allegations, but agreed to various penalties including "permanent injunctions, conduct-based injunctions, civil penalties, disgorgement with prejudgment interest, and equitable officer-and-director bars against the co-founders for a period of five years." Furthermore, Rari Capital Infrastructure agreed to a cease-and-desist order as part of the settlement."''
== Their Other Projects ==
== Their Other Projects ==
=== Fuse Protocol ===
=== Fuse Protocol ===
Line 92: Line 110:
* Not to be confused with the [[Fuse Network (FUSE)|Fuse Network]].
* Not to be confused with the [[Fuse Network (FUSE)|Fuse Network]].
* Centered around isolated interest rate markets. Went [https://medium.com/rari-capital/fuse-by-rari-capital-is-live-d9c7ebf08094 live] (18-3-2021).
* Centered around isolated interest rate markets. Went [https://medium.com/rari-capital/fuse-by-rari-capital-is-live-d9c7ebf08094 live] (18-3-2021).
== Roadmap ==
* Can be found [Insert link here].
== Usage ==
=== Projects that use or built on it ===
== Competition ==
== Pros and Cons ==
=== Pros ===
=== Cons ===
== Team, Funding, Partners ==
== Team, Funding, Partners ==
=== Team ===
=== Team ===
* Full team can be found [here].
* From the [https://medium.com/rari-capital/rari-capital-is-now-live-9c0820944d77 announcement] (14-7-2020):
* From the [https://medium.com/rari-capital/rari-capital-is-now-live-9c0820944d77 announcement] (14-7-2020):
"''Our team comes from a variety of backgrounds all with an emphasis on security: [[MyCrypto]], the most secure [[Ethereum]] [[wallet]], Boeing, Scoot, Bain and many others."''
"''Our team comes from a variety of backgrounds all with an emphasis on security: [[MyCrypto]], the most secure [[Ethereum]] [[wallet]], Boeing, Scoot, Bain and [[MANY|many]] others."''


* [https://www.forbes.com/sites/rorymurray/2020/08/03/teen-crypto-entrepreneurs-may-be-the-real-adults-in-the-room/?sh=4ee070cf4ce8 From] [[Forbes]] (8-3-2021):
* [https://www.forbes.com/sites/rorymurray/2020/08/03/teen-crypto-entrepreneurs-may-be-the-real-adults-in-the-room/?sh=4ee070cf4ce8 From] [[Forbes]] (8-3-2021):
Line 113: Line 119:
''"Founded by Jai Bhavnani, 18, Jack Lipstone, 19, and David Lucid, also 19."''
''"Founded by Jai Bhavnani, 18, Jack Lipstone, 19, and David Lucid, also 19."''


=== Funding ===
* Jai [https://tribe.fei.money/t/a-goodbye-and-explanation-to-the-tribe-community/4360 left the project] as CEO to work on other things (12-6-2022).


=== Partners ===
=== Partners ===
Line 129: Line 135:
[[ETH]] tip [[address]]: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31
[[ETH]] tip [[address]]: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31


Also check out [https://cointr.ee/zeb CoinTr.ee] for more content.
 
[[Category:Companies/Organisations]]
[[Category:Companies/Organisations]]
[[Category:Coins/Tokens]]
[[Category:Coins/Tokens]]

Latest revision as of 06:07, 22 September 2024

Rari Capital is a yield harvesting tool that automatically rebalances your funds between different protocols to earn the best return.

Basics

History

Audits & Exploits

"As per the SLOC, there is 65% testing to code (TtC). There is no documented test report by Rari's developers. In addition, there is no code coverage report. Rari has not undergone formal verification. Rari does not document whether or not they use testnets. However, other sources identify that they use internal testnets. All of Rari's products have been audited multiple times. Some were pre-deployment and some were post-deployment."

With the comment:

"Despite some good (yet relatively disorganized) documentation, clear contract information, and a big bug bounty offering, an unfortunate re-entrancy attack still occurred. However, Rari should be congratulated for its nimble auditing record. While only their vaults are documented in their repo, all Rari products have been audited at some point. In addition, there's great software function documentation covering all contracts.

Despite this, there is no clear information relating to how their admins are controlled, owned, or what capabilities for change they possess. It is also unclear what timelock process is in place and there is no information relating to pausability in case of emergency either. In addition, how their oracles function and flashloan, as well as frontrunning countermeasures, aren't clearly considered. Generally speaking, their repository could benefit from some restructuring to make navigation and subsequently improvements a little easier."

  • Previously scored a 74% (20-3-2021); "​Rari capital was released in October 20th. Quantstamp did an audit in December 2020." With the comment: "Good docs but weak tests and an audit done after deployment weakened the score."
  • Quantstamp audited the later hacked code (20-7-2021).
  • From The Defiant (16-7-2020): Rari is in progress with an audit and hence unaudited. 

Bugs/Exploits

  • From Blockthreat (3-5-2022):

"On April 30, 2022 Fei Protocol’s Rari pools on Ethereum and Arbitrum networks lost $80M as a result of a reentrancy exploit. Rari Capital patched a price oracle manipulation vulnerability in one of its pools after it was responsibly disclosed by Hacxyk."

"Rari Capital: Fuse pool vulnerability disclosed, cross-asset reentrancy allowed assets to be borrowed for free, pools fixed via upgrade"

"Index Coop Rari pool attempted attack, Uniswap V3 TWAP oracle manipulation prevented by arb bot, attacker lost 68 ETH."

"On November 2, 2021, Rari Fuse protocol was exploited with a price manipulation exploit which resulted in the loss of $3M."

"Fuse community pool drained after VUSD price manipulated on Uniswap v3, TWAPs can be subject to manipulation."

"All of the protocol contributors decided to forego their token allocation in RGT to reimburse anyone affected by the hack. The 2,000,000 RGT (currently worth over $20 million) have been sent to the DAO in charge of both reimbursing lost funds and rewarding those who helped Rari fight the attack."

"The youthful yield aggregator has fallen victim to a serial attacker, as the same wallet which attacked Value DeFi only hours before, turned their eyes onto the Rari Capital ETH pool, removing $10 million worth of ETH. The attacker decided to voice their opinion on the involved protocols, but it seems they had second thoughts, as they tried to cancel the transaction. However, they set the gas too low and the cancellation didn’t go through for 20 minutes, giving everyone time to see their message."

Governance

Admin Keys

"No admin control information is detailed in Rari's documentation. The relevant contracts are not identified as immutable / upgradeable. Ownership is not clearly indicated in Rari's documentation. There is a brief mention of a Rari governance token, but there is no explanation as to what it does. Smart contract change capabilities are not identified in any of Rari's contracts. This protocol's pause control is not documented. Rari has no timelock documentation."

Token

Launch

Token allocation

  • From their blog (7-10-2020):

"We will be distributing 87.50% of the token to depositors within a short 60 day period. The remaining tokens will be reserved for the team and subject to The Rari Vesting Plan."

Utility

"It takes COMP mined from lending Rari funds on Compound and liquidates COMP every 3 days to increase interest payments to RFT token holders, which is just the IOU token you receive in your wallet when you deposit stablecoins into Rari."

  • From their blog (7-10-2020):

"The $RGT will have a few different roles:

  1. Maintaining Governance: decisions to integrate new protocols, edit pool parameters, edit risk parameters, etc
  2. Passthrough Governance: if a pool accumulates other tokens like $COMP, $BAL, the token can serve as a passthrough for their governance
  3. Fee Discounts: the token can be used for fee discounts from the Rari Protocol

$RGT will be burned on every cent made by the protocol (70% of all revenues to be exact), decreasing the total supply of the token as the protocol succeeds." 

Tech

"Their FUSE repository has some 330 contracts, making this tribe's history a well documented cave painting."

"Rari Capital will migrate its liquidity to its own fund on the Melon (soon to be rebranded!) Protocol in the coming weeks following the release of Melon v2."

How it works

"We automatically rebalance the funds to earn yield by:

  1. Lending between lending protocols (ie Compound Finance, dYdX)
  2. Swapping between stablecoins for arbitrage and yield optimization
  3. Farming yield from protocol-based rewards (ie $COMP)"

Other Details

Oracle Method

"The protocol's oracle source is documented at this location. The contracts dependent are not identified. There is no relevant software function documentation. This protocol documents no front running mitigation techniques. Rari documents no flashloan countermeasures."

Compliance

"The United States Securities and Exchange Commission (SEC) announced that it has reached an agreement to settle previously unannounced charges against Rari Capital.

The regulator alleged that Rari Capital and co-founders Jai Bhavnani, Jack Lipstone, and David Lucid misled investors and that the platform served as an unregistered broker. Rari Capital's platforms held more than $1 billion worth of assets at one point, the SEC said.

Rari Capital and the founders did not admit or deny the SEC's allegations, but agreed to various penalties including "permanent injunctions, conduct-based injunctions, civil penalties, disgorgement with prejudgment interest, and equitable officer-and-director bars against the co-founders for a period of five years." Furthermore, Rari Capital Infrastructure agreed to a cease-and-desist order as part of the settlement."

Their Other Projects

Fuse Protocol

  • Not to be confused with the Fuse Network.
  • Centered around isolated interest rate markets. Went live (18-3-2021).

Team, Funding, Partners

Team

"Our team comes from a variety of backgrounds all with an emphasis on security: MyCrypto, the most secure Ethereum wallet, Boeing, Scoot, Bain and many others."

"Founded by Jai Bhavnani, 18, Jack Lipstone, 19, and David Lucid, also 19."

Partners 

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31