Impossible Finance (IF)
Yield farming and fundraising
Basics
History
Audits & Exploits
- Bug bounty program can be found here (26-5-2022):
"Impossible Finance offers an active bug bounty of $94K. In addition, the bounty will also payout 10% of the funds at risk within a found attack vector. If a bug is found that would cause the loss of Impossible's entire TVL, the whitehat hacker would effectively get paid 10% of Impossible's TVL."
- Scored 94% by DeFi Safety (26-5-2022):
"Impossible's TtC coverage is 174%. However, it is important to note that testing was only found for the launchpad contracts, but not for the staking or trading ones. Nevertheless, Launchpad is Impossible's main offering and it is adequately tested as per our standards. No test for coverage seen. However, Impossible does have some solid Launchpad testing. As such, 50% will be given here. No testing reports/CI found in their repos or "Actions" tab. Impossible Finance has not undergone formal verification.
Impossible Finance has been audited multiple times both pre-deployment and post deployment. Audit reports can be found here."
With the comment:
"Firstly, the launchpad provider had a decent running start in our core transparency metrics. Addresses are public and easily found, devs are doxxed, technical documentation was present, and the well-maintained GitHub contained fully open-source software.
However, one thing that was clearly missing was admin control information. Upon establishing contact with the developers, they worked very hard to produce this important document. It can now be found here: https://impossiblefinance.notion.site/Contract-Addresses-Docs-Details-8f357cb16b844e89a759b28264a23eae. Secondly, this aforementioned document contains all the high-level information needed to evaluate Impossible Finance's admin controls. Core contracts are immutable, ownership is through a MultiSig, and change capabilities are restricted to trading fees and whitelisting.
Moreover, there is also a breakdown of how Impossible mitigates the risk of front running and flash loan manipulations. With asymmetric boosts and staking allocations proportionate to stake amount held over time, Impossible's mechanisms capitalize on risk mitigation.
Lastly, the protocol shows a dedication to security via multiple pre-deployment audits for each protocol deployment and a sizeable bug bounty that will reward whitehats with up to 10% of total capital "saved" through attack vector disclosures.
In the future, we would love to see Impossible further develop its testing suite with the addition of code coverage and unit tests, detailed testing reports, and a formal verification. We will be monitoring these additions closely and update the report as they are added. All of that to say, Impossible Finance's process quality standards are extremely high. The protocol architecture and security measures were certainly well thought out, and we are looking forward to newer protocols utilizing its innovative launchpad in the future."
Bugs/Exploits
"$0.5M was stolen from Impossible Finance. The hacker made multiple swaps in a row at about the same price and drained the LP, which is usually impossible."
Governance
Admin Key
- From DeFi Safety (26-5-2022):
"Admin control information is documented at this location, and can easily be found. Impossible clearly identifies their smart contracts as immutable here. Ownership is MultiSig and clearly indicated in this location. Impossible smart contracts are immutable at the core level, and smart contract change capabilities are described here at a granular level. Impossible's core protocol is immutable, but granular parameters such as trading pairs can be paused. Since Impossible is immutable, they have no need for a core timelock. However, any swap changes incur a block delay on the blockchain, which effectively act as a time delay for swap upgrades. In addition, Impossible can retrieve funds from the launchpad in the event of an emergency, but this function is initially locked for months. Furthermore, "The admin does not have any ability to be able to take custody of users funds, and that fees also have a max limit of what they can be set to to prevent the multisig from raising fees to 100% to hurt users or drain any protocol activities."
DAO
Treasury
Token
Launch
Token Allocation
Utility
Other Details
Stablecoin
Coin Distribution
Technology
- Whitepaper can be found here.
- Code can be viewed here. From DeFi Safety (26-5-2022):
"At 313 commits and 26 branches, we didn't know a development history like this was possible."
Implementations
How it works
Fees
Upgrades
Staking
Validator Stats
Liquidity Mining
Scaling
Interoperability
Other Details
Oracle Method
- From DeFi Safety (26-5-2022):
Impossible does not use oracles due to all pool prices being "calculated directly from the supply of tokens in the swap itself. There are no other derivatives or price feed reliances in the Impossible Finance ecosystem" that would require a price feed oracle. The Impossible launchpad does have any time preference, meaning that there are no front-running opportunities there. Moreover, the Impossible swap has an asymmetric boost - which reduces slippage due to higher liquidity parameters. All this information is readily available here.
Compliance
Their Other Projects
Roadmap
- Can be found [Insert link here].
Usage
Projects that use or built on it
Competition
Pros and Cons
Pros
Cons
- Had investment from Alameda Research/FTX, which came out (11-11-2022) during the FTX crash. This could mean fall-out risk. Turned out (8-12-2022) to have sold $500k worth of tokens to Alameda.
Team, Funding, Partners
Team
- Full team can be found [here].
Funding
Partners
(:
Knowledge empowers all and will help us get closer to the decentralised world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated:) This will help us to keep expanding this archive of information.