Convex Finance DeFi Integration Tips

We continue our series of instructive posts with some special recommendations for developers using Convex Finance DeFi integration!

Greetings dear readers!

In this article, we present tips that we have acquired over years of auditing such integrations. You will also find a list of tools and research for self-study, which we strongly recommend reading separately for a better understanding!


I — Introduction

Looking at this month’s never-ending hacks, one wonders why they happen so frequently. Have audit firms actually gotten worse at what they do?

This, in our opinion, is not the case; yet, the topic is rather tricky because you can, in certain ways, reduce the risks to yourself and your project!

By the way, we are working on such a solution within the team and hope to deliver it shortly!

We believe there is no one who doubts that the basis of any secure integration is a special approach to writing code. Consequently, this article will be focused only on those aspects that can be really useful for making your code safe and secure!

This is what we’ll cover in this post about integrating Convex into your project!


II — Convex Walkthrough

Convex Finance is a decentralized finance (DeFi) platform that provides boosted staking rewards on the Curve Finance exchange.

The protocol operates on the Ethereum and Arbitrum blockchains and acts as a yield optimizer for CRV token holders and Curve liquidity providers.

Curve wars:

You may have heard this term somewhere before, but without a detailed study of the subject it will be difficult to understand how Convex works!

So, let’s get to the bottom of it!

The Curve Wars can be described as the competition between several DeFi protocols to get a share of the liquidity in the Curve Finance ecosystem: the hustle to accumulate veCRV, Curve’s governance token, and decide which pool gets Curve’s reward boost.

Although Convex Finance, Yearn protocol, and StakeDAO are protagonists in the Curve wars incentivizing users to deposit their CRV tokens into their platform, the Curve Wars play out essentially on Convex protocol, which offers one of the highest ROI on CRV.

Let’s get started! We hope you find today’s article informative and helpful!


III — We Recommend

Following the tips below can significantly improve the security of your project’s integration:

  • If you have a poolId, you can get the corresponding BaseRewardPool through Booster.poolInfo(poolId).crvRewards

  • Booster.deposit called with _stake = false does not stake the LP tokens; it only mints deposit tokens to the caller. Therefore, the integrating contract should either be able to pass _stake = true or call BaseRewardPool.stakeFor() separately.

  • BaseRewardPool.stake stakes deposit tokens only, not the real LP tokens. That’s why it’s better to stake through the Booster contract!

How to stake?

  • LP tokens — through the Booster contract: Booster.deposit(pool_id, amount, true)

  • CVX and cvxCRV — same as with LP tokens!

  • CVX will be staked in the cvxRewardPool, but cvxCRV will be staked in the regular BaseRewardPool!

  • If you stake through a booster contract, CVX and cvxCRV will go into the cvxRewardPool and BaseRewardPool, respectively.

Check that there is code that withdraws the staking rewards:

  • For LP tokens, CVX, or cvxCRV staking: BaseRewardPool.getReward(user, claimExtras=true)

  • claimExtras determines whether the user also wants to withdraw their extraRewards tokens.

  • Individual pools or the Booster contract itself can be in shutdown status, and in that state you will not be able to make a deposit. Before initiating a deposit, check both: !Booster.poolInfo(i).shutdown && !Booster.isShutdown

  • Booster contract can migrate, so don’t hardcode its address — it’s better to add an option to update it.

Checking the size of the staking rewards:

  • For LP token staking: call BaseRewardPool.earned().

  • For additional rewards from LP staking: get the VirtualBalanceRewardPool address via BaseRewardPool.extraRewards(i). Call VirtualBalanceRewardPool.earned().

  • For cvxCRV staking, do exactly the same as with LP tokens: call BaseRewardPool.earned().

  • For CVX staking: get cvxRewardPool via Booster.stakerRewards(), then call cvxRewardPool.earned().

Withdraw staked funds (LP, CVX, cvxCRV):

  • BaseRewardPool.withdrawAndUnwrap(amount, claim=false)

Keep in mind:

  • claim determines whether to also collect rewards via getReward()

  • If you call .withdraw() instead of .withdrawAndUnwrap(), the local Convex deposit tokens are returned, not the LP tokens.
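
The LP-token tips above combined in one place, as an added example that is not code from Convex or from the original post: a hypothetical ConvexAdapter contract with an updatable Booster address, a shutdown check before Booster.deposit(pid, amount, true), a reward read over BaseRewardPool and its extraRewards, and an exit through withdrawAndUnwrap. The interfaces declare only the calls used here, the contract and its function names are assumptions, and moving LP or reward tokens in and out of the adapter is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 { function approve(address spender, uint256 amount) external returns (bool); }
interface IBooster {
    function poolInfo(uint256 pid) external view returns (
        address lptoken, address token, address gauge, address crvRewards, address stash, bool shutdown);
    function isShutdown() external view returns (bool);
    function deposit(uint256 pid, uint256 amount, bool stake) external returns (bool);
}
interface IRewardPool { // BaseRewardPool; earned() is also on VirtualBalanceRewardPool
    function earned(address account) external view returns (uint256);
    function extraRewards(uint256 i) external view returns (address);
    function extraRewardsLength() external view returns (uint256);
    function withdrawAndUnwrap(uint256 amount, bool claim) external returns (bool);
}
// Hypothetical integrating contract; it is assumed to already hold the LP tokens.
contract ConvexAdapter {
    address public immutable owner = msg.sender;
    IBooster public booster;                         // updatable: Booster can migrate
    mapping(uint256 => address) public rewardPoolOf; // cached at deposit time

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor(IBooster booster_) { booster = booster_; }
    function setBooster(IBooster newBooster) external onlyOwner { booster = newBooster; }

    function depositAndStake(uint256 pid, uint256 amount) external onlyOwner {
        (address lp,,, address crvRewards,, bool poolShutdown) = booster.poolInfo(pid);
        require(!poolShutdown && !booster.isShutdown(), "convex shutdown");
        // pids are per-Booster: refuse to overwrite a position opened under another one
        require(rewardPoolOf[pid] == address(0) || rewardPoolOf[pid] == crvRewards, "pid reused");
        rewardPoolOf[pid] = crvRewards;
        IERC20(lp).approve(address(booster), amount); // assumes a bool-returning LP token
        require(booster.deposit(pid, amount, true), "deposit failed"); // true = stake as well
    }

    // out[0] = pending CRV, out[1..] = each extra reward (different tokens, so not summed)
    function pending(uint256 pid) external view returns (uint256[] memory out) {
        IRewardPool pool = IRewardPool(rewardPoolOf[pid]);
        uint256 n = pool.extraRewardsLength();
        out = new uint256[](n + 1);
        out[0] = pool.earned(address(this));
        for (uint256 i = 0; i < n; i++) out[i + 1] = IRewardPool(pool.extraRewards(i)).earned(address(this));
    }

    // claim=false: only unstake; LP tokens (not deposit tokens) return to this contract
    function exit(uint256 pid, uint256 amount) external onlyOwner {
        require(IRewardPool(rewardPoolOf[pid]).withdrawAndUnwrap(amount, false), "withdraw failed");
    }
}
```

The reward pool address is cached at deposit time so that exit still reaches the right pool after setBooster has pointed the adapter at a migrated Booster.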

