- Use trading fees as external bribes.
In contrast to Velodrome, Velocimeter takes the trading fees of liquidity pools with gauges and sends them
as external bribes for that respective pool.
FLOWtrading fees directly bribe upcoming voters to direct their votes to the
USDC:FLOWpool. Velocimeter believes this creates a much better voting experience as voters clearly can see what they will get, rather than wait to see what trading fees they happen to accumulate in the week following their vote.
- Trading fees without gauges. With pairs that don't have a gauge, or have a gauge what was "killed", the trading fees are sent to the tank (opens in a new tab).
- One vote per epoch. In Velocimeter, voters are only allowed to make "active" voting decisions (i.e. vote and reset) once per epoch. Voters must wait until the next epoch to change their votes. Voters can, however, cast their votes throughout the epoch.
- Killable gauges. To dissuade emissions exploitation via dummy gauges, we're allowing the Velocimeter Council of Velocimetry (akin to Curve's Emergency DAO) to kill any "bad" gauges. The Council is composed of individuals from varying parties meant to serve as a credibly neutral decision-maker for the broader ecosystem.
- Removed the LP boost for voters. The boost was removed that voters receive when staking their LPs with gauges they voted for. This removes the need for a veNFT aggregator (more on this later...).
- Removed negative voting. Negative voting was considered zero-sum for Solidly, so it was removed.
- Team emissions. 3% of new emissions will be sent to a team address, meant to cover on-going expenses and future development.
- Modifiable fees. Fees on Velocimeter are 0.03% for stable pools and 0.25% for volatile pools.
- Upgradeable veNFT art. Self-explanatory
Velocimeter is a fork of Velodrome Finance (opens in a new tab) which was adapted from Solidly, which codebase was open sourced in full (opens in a new tab) by Andre Cronje and his team in March 2022. Since its release in February on Fantom network, no security incidents related to Solidly smart contracts were reported.
Before moving forward, we'd like to remind to our users that security audits do not eliminate risks completely and that every user should read and agree to our legal disclaimer before using Velocimeter! For security reports, please reach out to us on Discord (opens in a new tab), or to the contacts provided on our Github page.
Solidly went through a partial (only the AMM part was sent for audit) security audit in January 30, 2022. The audit was done by PeckShield and did reveal 5 low-severity and 1 informal findings.
The full audit is available for download from Solidly git repository (opens in a new tab).
Velodrome went through a security audit and a peer review as part of the Code4rena bug bouncy contest. Finally, a full MythX deep scan on Velodrome contracts found just a handful of false-positive, low-severity issues reported.!
🚨 Velocimeter has NOT gone through any form of audit but rather adopts some from the Velodrome security procedures. The following point of code was changed.
- Removal of Internal Fees The fees are now directed as external bribes so the need for many contracts became redundant, ie pairFees.sol, internalBribe.sol
The Code4rena contest results were released on August 8, 2022 and are available here (opens in a new tab). All high- or medium-risk issues were either resolved pre-deploy, except for one known issue (users can claim eligible rewards from ExternalBribe contracts more than once) that's currently being addressed (via a wrapped contract solution). No user funds are at risk from this vulnerability, and protocols who wish to deposit external bribes should get in contact with the core team to discuss alternative solutions. More information about our C4 contest can be found here.
Velodrome ran a bug bounty contest on 23rd to 30th of May 2022 with awards up to $75,000 on Code4rena (opens in a new tab). The main scope of the contest was to cover all the new changes to the new and the original contracts.
Solidly's bug bounty program was launched in February 2022 on Immunefi.com. There were no claims for any of the $200,000 rewards (on their Github (opens in a new tab)).
|0x2Baec546a92cA3469f71b7A091f7dF61e5569889 (opens in a new tab)
|0xA472b00DdCf03f099dB954c70133dD6F0c5Fcc26 (opens in a new tab)
|0xa9fa811Cc3BDdF9ba8dAC435f26B77525Eb3B546 (opens in a new tab)
|0x3a9238141a4655d0dC907e18BBf9c21b843F09c7 (opens in a new tab)
|0xb12aF64E128A1D4489D13314eB4Df81cBCE126aC (opens in a new tab)
|0x9B2920e72dF6E1A7053bEa7235c65079F5104398 (opens in a new tab)
|0x7517df74F63a440D5Fc7c6Ec8BC40560F32079a8 (opens in a new tab)
|0x3fa6A5FCB6054133d82C8d46FbD42216a16431d0 (opens in a new tab)
|0x990efF367C6c4aece43c1E98099061c897730F27 (opens in a new tab)
|0x19E1eef506eE61A58d1AAa11635361bBaE5D0676 (opens in a new tab)
|0xC5B58aE761a77fF16d548dE9b42933c8FBfe4c33 (opens in a new tab)
|0x0cEd59FF9BDe47b2F5F0EDD2FdFfA6a0116d91Cd (opens in a new tab)