Difference between revisions of "ShapeShift (FOX)"

From CryptoWiki

Line 22: Line 22:


*[https://shapeshift.com/responsible-disclosure-program According] to ShapeShift, it has given approximately 40k in rewards for bug finds (26-10-2021).
*[https://shapeshift.com/responsible-disclosure-program According] to ShapeShift, it has given approximately 40k in rewards for bug finds (26-10-2021).
*Scored [https://www.daometer.xyz/review/5 82%] on [[DAOmeter]] (21-2-2023), scoring a bit low on Community (no offboarding process and not perfect documentation score), Voting (no custom tools and no compensation for delegates), Security (multi-sig) and Treasury (multi-sig & no custom tools).
*Scored [https://www.daometer.xyz/review/shapeshift 88%] on [[DAOmeter]] (21-2-2023), scoring a bit low on Community (no offboarding process and not perfect documentation score), Voting (no custom tools and no compensation for delegates), Security (multi-sig) and Treasury (multi-sig & no custom tools).
*Scored [https://www.defisafety.com/app/pqrs/455 76%] on on [[DeFi Safety]] (4-1-2023):
*Scored [https://www.defisafety.com/app/pqrs/455 76%] on on [[DeFi Safety]] (4-1-2023):
''"ShapeShift is up at bat with historically above average performances. This time around is no different, as the on-ramp platform delivers solid fundamentals yet again. However, it could use optimization in certain areas.''
''"ShapeShift is up at bat with historically above average performances. This time around is no different, as the on-ramp platform delivers solid fundamentals yet again. However, it could use optimization in certain areas.''

Revision as of 04:14, 9 April 2023

ShapeShift is a crypto currency trading platform offering zero-commision crypto trading and self-custody

Basics

  • Is based in Switzerland, Zug
  • Was founded in 2013
  • ShapeShift is an exchange that supports a variety of cryptocurrencies including Bitcoin, Ethereum, Monero, Zcash, Dash, Dogecoin and many others.
  • Testnet release:
  • Mainnet release:
  • ShapeShift does not allow users to purchase crypto’s with debit cards, credit cards or any other payment system. The platform has a no fiat policy and only allows for the exchange between bitcoin and the other supported cryptocurrencies.

History

  • Shapeshift used to be great for those who want to make instant straightforward trades without signing up to an account or relying on a platform to hold their funds. However this changed after a move to membership accounts in september 2018. Soon SideShift was created as an alternative.
  • This was once again changed with the launch of FOX and the announcement of decentralizing into a DAO (14-7-2021).

"ShapeShift has never been decentralized. So it was noncustodial and we didn't hold customer funds. But it was a central company, and when a customer did a transaction, we would receive, ShapeShift the entity would receive coin A and send coin B out to them from our own wallets, our own inventory. So yeah, it was never a DEX.

Fast forward two and a half years, just a few weeks ago and we have changed our model, such that we're not an intermediary anymore, we've stopped trading with customers entirely, and instead, we have integrated decentralized exchanges into ShapeShift. So now when customers trade, they're trading from the customer to the DEX, instead of from the customer to ShapeShift. That means we are not an intermediary, and that means that we do not need to do KYC or run compliance on that because it is not a regulated activity. So that was a huge, profound change that we've been working on over the last six months and just went live on January 6th."

Audits & Exploits

  • According to ShapeShift, it has given approximately 40k in rewards for bug finds (26-10-2021).
  • Scored 88% on DAOmeter (21-2-2023), scoring a bit low on Community (no offboarding process and not perfect documentation score), Voting (no custom tools and no compensation for delegates), Security (multi-sig) and Treasury (multi-sig & no custom tools).
  • Scored 76% on on DeFi Safety (4-1-2023):

"ShapeShift is up at bat with historically above average performances. This time around is no different, as the on-ramp platform delivers solid fundamentals yet again. However, it could use optimization in certain areas.

While the docs give a general overview of the architecture and its functionalities, it could certainly delve a bit deeper and go beyond its relatively limited diagrams.

Additionally, beyond audits, ShapeShift offers no additional security mentions about various attack vectors that could be inherent to their platform. For instance, no information relating to data feed, front running, and flash loan protection is available.

That being said, the platform’s contracts have been rigorously audited by Zokyo. However, it is quite outdated at this point. Furthermore, the security of its exchange and on-ramp capabilities are unclear, and this is a concern.

ShapeShift’s GitHub provides extensive proof of testing, and in-depth details about the immutability of their contracts. We appreciate this transparency, but recognize that this information only relates to a minute part of the overall platform.

Thus, while contract-related information is fundamentally sound, all of ShapeShift’s other functionalities (on-ramp, aggregate, etc.) are relatively obscure in terms of information availability."

  • Previously scored 90% (26-10-2021):

"Activity is 10+ transactions a day on contract FOX Staking Rewards, as indicated in the Appendix.

At 2,654 commits and 3 branches, the Fox staking repository is the extensive foxhole network the developer's would like it to be. As per https://raw.githack.com/shapeshift/fox-staking-unified-history/master/coverage/index.html, ShapeShift has a 91% code coverage.

Multiple audits were performed before the public deployment of multiple of their smart contracts. Notably, the token, and the staker, and airdrop contracts have all been audited pre-launch."

Bugs/Exploits

"ShapeShift has sued its former senior engineer in Colorado Federal District Court for damages caused by his alleged theft of $900,000 in bitcoin. As detailed in the exchange's Wednesday demand for jury trail, Azamat Mukhiddinov allegedly siphoned 90 bitcoin away from his employer via "malicious code and programs" he is accused of having installed on its servers. Executives said they discovered the $900,000 hole in the company's balance sheet on May 21 and traced it to Mukhiddinov within days.

Mukhiddinov has already made the company whole, the company said. He quickly paid it back via wire transfers, cash-packed "duffel bag" handoffs and bitcoin payments, according to the lawsuit. ShapeShift now wants Mukhiddinov to pay currently unspecified damages for the time and effort employees spent cleaning the exchange's servers of his bitcoin-stealing code."

  • From CryptoSec, hack that happened on 30-6-2016:

"There was a complicated series of thefts at ShapeShift, a cryptocurrency exchange that calls itself the "safest asset exchange on Earth" and is used to convert between different virtual currencies. Thieves broke in three separate times over a time span of two weeks and cleaned out the hot wallets each time, totaling around $200K USD."

Amount stolen: $200,000

Governance

Admin Key

"As of now, the admin keys are operated by a multi-sig, alongside SafeSnap, from their governance boardroom, “Initially, a multisig safeguard controlled by ShapeShift employees has been implemented alongside SafeSnap to mitigate the risk of a malicious proposal stealing funds from the DAO’s treasury. This is intended as a temporary protective measure, and we look forward to working with the community to transition complete control of the treasury to the community of FOX token holders. Verification of the identities and integrity of the ShapeShift employees comprising the multisig keys can be provided to security researchers upon request.” This multi-sig is controlled by a 2/2 system where any proposal that passes, needs to be signed by both parties representing the DAO. This information was obtained in the interview I had with the team member and is only available upon request. There is no official time lock for proposals that meet a passing vote, however according to a ShapeShift core team member, the SafeSnap process takes over 24 hours to process and make changes on-chain. They state here that they are working towards a full transition to give complete control to the community of FOX token holders, but at this stage it is still operated by the multi-sig. Each proposal has a 72 hour voting period."

"Immutability of contracts and absence of owner privileges are clearly described. Although no pause control function exists in the ShapeShift code, their smart contracts are entirely immutable, and the protocol functionalities that do not make pause control functions a necessity are described."

DAO

"Starting today, we begin open-sourcing the ShapeShift project, dissolving our corporate structure toward zero, and re-organizing around a borderless, decentralized community governed by the holders of the FOX token."

  • From their airdrop page (16-7-2021):

"The ShapeShift DAO is powered by SafeSnap (SnapShot + Gnosis Safe)

FOX holders will eventually govern all important decisions of the project. This includes governing the ShapeShift DAO—a new DAO treasury endowed with over 240,000,000 FOX Tokens (24% of all FOX).

What types of decisions could ShapeShift DAO governance control going forward?

  1. Which protocols and assets to integrate.
  2. How to spend or invest funds in the ShapeShift DAO, such as:
    • Funding community initiatives like liquidity mining, Rainfall, FOX Fuel, and FOX rewards or other new initiatives.
    • Which products or services to build.
    • Hiring contractors to build those products or services (and selecting those hired).
  3. Whether to add or change fees for using the ShapeShift interface (currently, ShapeShift does not add any fees but has the capability to turn these on). Examples of this today include: fees on 0x trades, fees on THORChain trades, fees on LP tx’s through THORChain, and fees on fiat purchases through Banxa.
  4. And any other ideas contributed by our customers and community."

Treasury

"A DAO treasury of roughly 1/4 of the FOX supply has been placed in the hands of these holders."

Token

Launch

Token Allocation

  • From their airdrop page (16-7-2021):
  1. "Over 60% of the total FOX supply of 1,000,001,337 tokens has been allocated to the ShapeShift community.
  2. In addition, over 120,000 Gitcoin, Uniswap, SushiSwap, Yearn, Aave, Alchemix, 1inch, Curve, Balancer, and 0x token holders, and most THORChain users, are eligible."
  • From their website (16-7-2021):

"Total Supply: 1,000,001,337 (no inflation)

  1. 340,000,000 (34%) granted to the ShapeShift customers and DeFi community via airdrop
  2. 320,000,000 (32%) granted to employees and shareholders
  3. 242,000,000 (24%) granted to ShapeShift DAO (governance treasury)
  4. 75,000,000 (7.5%) granted to the Foundation
  5. 13,000,000 (1.3%) retained by ShapeShift during decentralization process
  6. ~10,000,000 (1%) already in circulation with >21,000 holders

The active (unlocked/unvested) supply at the time of the airdrop, approximately 438M FOX, is roughly 75% in the hands of the community:

  1. 10M + 340M held by community
  2. 75M + 13M held by ShapeShift
  3. All other buckets are on three-year vesting"

Utility

  • Governance, fee reimbursements and when using ShapeShift you gain tokens (16-70-2021).

Other Details

"The native FOX token had multiple utilities before the decision to move to a fully decentralised protocol, but since the shift to making FOX a decentralised protocol’s native token, it now focuses primarily on governance of the ShapeShift DAO. The FOX token provides governance rights to its holders, users can submit proposals in the ShapeShift boardroom, powered by SafeSnap, a collaboration of SnapShot and Gnosis Safe, as long as they meet the following requirements detailed in their governance overview section from the boardroom. Once ShapeShift moved to a decentralised structure, the original FOX token lost its revenue sharing utilities. It was then that they released FOXy. FOXy, is a rebasing token that is pegged to the price of FOX token. Users can stake their FOX tokens across DeFi protocols to earn FOXy. It is not inflationary and doesn’t dilute the supply of FOX token as the rebase rewards of 11.61% APR which are based on yield and not inflation. This issuance model is contingent on revenue being generated on the ShapeShift platform, however according to a core team member, revenue from their merchandise store and keepkey wallet sales also provide revenue to support token issuance."

Stablecoin

Coin Distribution

Technology

Implementations

How it works

Fees

Upgrades

Staking

Validator Stats

Liquidity Mining

  • From their airdrop page (16-7-2021):

"Liquidity mining will begin in 48 hours at 9:00 a.m. MT on Friday, July 16, 2021."

Scaling

Interoperability

Other Details

Oracle Method

  • ShapeShift does not document any Oracle contract on their repositories (4-1-2023).

Compliance

"ShapeShift was originally operating as a public company, offering a self custodial exchange with zero commission trading. However, after the implementation of the BitLicense act, founder Erik Voorhees announced that if they complied with the new regulations it would potentially put the data of ShapeShift users at risk. From ShapeShift wikipedia. They then announced on July 14th 2021 that ShapeShift would make the transition to full decentralisation by putting ShapeShift in the hands of the community by means of governance. Detailed in this article from decrypt.co."

Their Other Projects

"Outside of the ShapeShift platform, they also created the KeepKey wallet, an offline hardware wallet, as well as CoinCap.io which is a crypto currency price tracking website similar to CoinMarketCap or CoinGecko and finally Portis, a hot wallet similar to MetaMask."

  • Much-hyped crypto portfolio service Prism was shut down on October 11–for reasons that weren’t made public
  • "ShapeShift announced on July 8, 2019, the launch of its latest platform to provide users with an end-to-end solution for securely controlling all aspects of their digital assets. With the announcement of this new noncustodial platform, the five-year-old digital asset company will allow users to buy, sell and trade cryptocurrencies while maintaining full control of their private keys. “The new ShapeShift is arguably the world’s first non-centralized multi-chain digital asset platform,” Voorhees said."

Roadmap

  • Can be found here (16-7-2021):
  1. Wallet support
  2. Open sourcing
  3. Additional blockchains
  4. DEXs
  5. DeFi
  6. Layer 2

Usage

Projects that use or built on it

Competition

Pros and Cons

Pros:

  • Good reputation, beginner friendly, Dozens of Crypto’s available for exchange, fast, reasonable prices.

Cons:

  • Average mobile app, no fiat currencies, limited payment options and tools

Team, Funding and Partners

Team

"There are 40 employees on the ShapeShift LinkedIn including Adam Samere, the team's principal engineer and Alexander Elliot, ShapeShifts financial engineer."

  • Shapeshift is laying off 37 employees, reducing the size of its team by a third ((2019); reasons for the downsize vary between the decline in price of crypto markets and the changing regulatory environment forced the company to face "immense legal bills"; the regulation forced the company to impose identification on users, which drove away many of its API partners who left for non-KYC competitors.

Funding

Partners

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31