GrimToken (GRIM)
Project on Fantom that scored the lowest score possible, 0%, on DeFi Safety (17-3-2022).
Basics
History
Audits & Exploits
- No bug bounty is offered by the Grim Finance team (17-3-2022).
- Scored 0% on DeFi Safety (17-3-2022):
"Activity is more than 10 transactions a day on contract 0x18C5C07a9F68c82de678470a9E9306Ffc3e9Ced6 (Grim-0%FTM Vault). No documentation covers Grim Finance's deployed contracts and their respective software functions. Grim's GitHub repository is private, making traceability between software docs and source code impossible. No test scripts were found because Grim Finance's GitHub repository is private. No Grim Finance Formal Verification test has been documented. Multiple audits took place post deployment, but since the repository is private 25% is deducted. Indeed, Solidity.finance's first audit took place before the reentrancy exploit that this protocol underwent but did not ensure a reentrancy guard was implemented in the relevant locations."
With the comment: "Despite a good number of post-deployment audits and an impressive SMS alarm should TVL fall by 30%, this protocol's commitment to transparency is certainly the recipe of nightmares. Grim Finance is as transparent as the Grim Reaper - it's beyond belief that this protocol still has a private repository post-reentrancy attack. The attack vector used is the oldest trick in the book - the original DAO hack was made in this way. Users should be tossing and turning in their sleep if they've supplied funds to Grim."
Bugs/Exploits
- From DeFi Safety (17-3-2022):
"On 21 Dec 2021, Grim suffered a reentrancy hack causing preventable loss of 30M a major loss (31% of TVL). This causes a penalty of 30% in place until 21 June 2022. Note: The maximum penalty a protocol can incur is 30%, or otherwise any lower penalty that effectively brings the protocol's score to 0."
Governance
Admin Keys
- From DeFi Safety (17-3-2022):
"Admin Control information could not be found in any of the Grim Finance documentation. Grim Finance's relevant contracts are not identified as immutable / upgradeable. Grim Finance's pause control is documented but insufficiently explained in this location. There is no evidence of testing. While it details that the vaults will pause if a potential threat is identified, it requires more explanation as to what these threats are. Grim Finance has no timelock documentation."
DAO
Treasury
Token
Launch
Token Allocation
Utility
Other Details
Stablecoin
Coin Distribution
Technology
- Whitepaper or docs can be found here.
- Code can be viewed here but this repo is private (17-3-2022).
Implementations
- Built on: Fantom
How it works
Fees
Upgrades
Staking
Validator Stats
Liquidity Mining
Scaling
Interoperability
Other Details
Oracle Method
- From DeFi Safety (17-3-2022):
"Grim Finance's oracle source is not documented. Grim Finance cannot be front run."
Privacy Method
Compliance
Their Other Projects
Roadmap
- Can be found [Insert link here].
Usage
Projects that use or built on it
Competition
Pros and Cons
Pros
Cons
Team, Funding and Partners
Team
- Team is anonymous (17-3-2022).
Funding
Partners
(:
Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.
