Village Defense Systems

Here you can learn which measures ensure protocol safety and fairness

Attack Vector Protection Mechanics

• Anti-Frontrun Mechanism! All important functions require a gasPrice equal to the default of BSC (5 gwei) in order to successfully execute. This makes block transaction index ordering random.

  1. Yolonaut, Loyalty, Artifact NFT minting (1max per block)

  2. Reward Claiming.

  3. * We're discussing the implementation of Commit-Reveal strategies (Submarine Sends) for the Vaults and for our Custom DEX Pair. Simply put - we will hide the trade amounts which renders frontrunning bots useless.

• No malicious “cheat-the-business-logic” transfers! The Keeper and Yolonaut contracts are our solution to exploits related to maliciously breaking the yield process by using multiple accounts to pass NFTs around automatically.

• No Reentrancy! Even though we have no reentrancy points, since there are no untrusted external calls, we make all state updates before calling external functions. Additionally, we have the "antiReentrant" modifier applied to some functions just for extra security. The only place for reentrancy is the Marketplace and we have modifiers and checks all over its functions.

• No Replay attack vectors! No magical custom signing schemes. (EIP 155 makes this attack no longer possible without custom scheme)

• No Ownership! Even though we have control as owners we have developed a Governance contract which enforces a timer of each setter to 6h after set, so there could not be any surprises. This will evolve to voting in the future.

• Owner account secured! We have taken all measures to secure the owner account by using cutting-edge multisig protection.

• No Transaction-ordering attack vectors! The setter timer makes modifying state in the same block impossible.

• No Oracle attacks. We do not rely on any outside price calculations.

• No overflow/underflows! We have all the edge cases covered by the E2E tests. Nothing bigger that 2*256 and no subtraction from 0. (plus 0.8.0+ solc supports native safemath)

• No Short address attack – fixed in sol version 0.8.4!

• No Denial of service! We have put state syncing & verifying functions. There are no dangerous statement requirements to prevent a system freeze. We have made deep gas profiling to verify that nothing can get over the block gas limit.

• No Timestamp Dependence!

• No tx.origin authentication!

Flash loan attacks? We have decided to disallow flashloans to go through the system. There are no use cases for flashloans in our ecosystem

Check out our audits:

pageThird Party AuditspageInternal Audit