Security in The Sea of Decentralized Finance by@elagai

Security in The Sea of Decentralized Finance

The main developer and co-founder of Polycat Finn kindly agreed to answer a few questions about security, the choice of projects for investment, and a little about Polycat. Polycat is a native Polygon project, a large yield aggregator, combined with its own AMM. Liquidity providers receive a PAW token for staking on farms. It also has a lot of vaults with an auto-compound of profits, tanks with the farming of various tokens, a service for conducting IFO (Initial Farm Offering)
Serg HackerNoon profile picture


Cryptocurrency | DeFi | Yield farming

The sector of decentralized finance is growing rapidly; many people are joining this revolutionary field of finance. But in the pursuit of a big profit, it is easy to lose your funds if you neglect simple security rules.

In this article, we will not talk about such simple things as the safety of private keys or seeds since this is an axiom for cryptocurrency users.

Here we will tell, for example, how to differentiate between DeFi projects to which you can entrust your funds from projects you need to avoid.

The DeFi sector is developing on the basis of many blockchain's, both widely known, such as Ethereum, Polygon, Binance Smart Chain (BSC), Solana, and less popular, such as Kusama, Free TON, and others. For greater concreteness, we will talk about the basics of security that the user must observe, using the example of the DeFi sector in the Polygon.

This choice is because the greatest growth of the DeFi sector is observed this year in Polygon. In terms of growth rates, it is even ahead of BSC, which was the favorite in terms of growth rates last year.

What is the reason for such a significant impulse to the development of Polygon?

The simplicity of migrating to it from Ethereum. It is easy for developers to transfer their Dapps; users practically do not need to get used to something unusual, which is significantly different from interacting with smart contracts in Ethereum. At the same time, transaction fees in Polygon are thousands of times lower than in Ethereum.

The First Step. DYOR (Do Your Own Research)


So, where to start for a person who wants to make his funds work effectively and make a profit? From the selection of projects for investment. At this stage, the most important thing is to collect information about promising, profitable, and reliable DeFi projects. Therefore, before sending your funds anywhere, visiting special services that deal with user security issues makes sense.

Undoubtedly, the best of them is currently the Rug Doctor. Without exaggeration, it can be called a "Security Hub" for users.


The Rug Doctor tracks many DeFi projects in ten blockchains, including Polygon. The Rug Doctor checks their code for obvious exploits, monitors the presence or absence of audits, and the quality of these audits, and determines the degree of risk on a conditional scale. The Rug Doctor also informs in real-time via Twitter and Telegram about the detected dangers.

On the Rug Doctor website, it is easy to find the project you are interested in and find information about it. In addition, on RugDoc, you can find a lot of useful information in general about DeFi, about yield farming, which can significantly help a novice user in mastering this difficult "territory."

Of course, there is no absolute guarantee of the safety of the Rug Doctor recommendation; moreover, no one can give guarantees. Therefore, at the beginning of your path to profit, it is advisable to choose well-known large projects that have already proven themselves positively among users. You should not be tempted by the high APR of unknown new projects. Remember that one of your mistakes can completely deprive you of funds. Of course, you can only risk the funds that you are ready to lose. Nevertheless, it is better to be careful.

Maybe, reading this article, you wondered: Why does the author write "we" instead of "I" at the beginning of the article? Well, the moment has come to clarify this issue. The main developer and co-founder of Polycat Finn kindly agreed to answer a few questions about security, the choice of projects for investment, and a little about Polycat.


Polycat is a native Polygon project. A large yield aggregator, combined with its own AMM. Liquidity providers receive a PAW token for staking on farms. It also has a lot of vaults with an auto-compound of profits, tanks with the farming of various tokens, a service for conducting IFO (Initial Farm Offering), which is an original system for the initial sale of project tokens. 

The main Polycat token is FISH. FISH is a governance token that allows its holders to participate in the decentralized management of the project. Also, FISH holders receive some part of the profit from the vaults, while they periodically determine by voting which vaults to send funds (according to the degree of profit/risks of investments).

Hello, Finn! 

Thank you for agreeing to answer a few questions.

What factors should an inexperienced user first take into account when choosing a DeFi project for investment?

First of all, thank you for having us!

I believe the very first thing a user should check is the track record of a project.

How long has the project been around? What features do they offer? When you look up the project’s name, do any past issues come up?

The second thing should be, of course, audits. It is very important the project’s code has been audited by --ideally-- several third parties. This is because humans perform audits, and humans can make mistakes. Having several audits lessens the potential risk. The auditor’s reputation should also matter.

I also believe the project’s optics (or public image) is something that’s often overlooked, but that should matter. A user should always look for a team that operates in a professional manner. A well-organized team that communicates transparently is often a good sign that the project is trustworthy. I believe the developers should be close to their community (up to an extent).

According to the assessment of the Hacken auditor, 76.5% of cryptocurrency projects have either not passed a security audit or have not publicly disclosed the fact they had been audited. Why is the audit of smart contracts of the project important?

Audits are essential; developers in successful projects usually work countless hours with not a lot of sleep.

We’re not machines, so we definitely can make mistakes. It is of vital importance our code is reviewed and audited by third parties so that we do not expose user funds to unnecessary, avoidable risks.

It’s never a good idea to go cheap on audits. A low-quality audit will not be as thorough because if the price is low, you can assume they get dozens of audits to perform at a very fast rate, and audits cannot be rushed unless this was agreed upon before starting in special cases.

I remember you said in discord that it is better to skip the scheduled launch dates for updates than to deploy a smart contract that an auditor has not verified. Is the smart contract audited after each change required when launching or updating the project services? How many audits of Polycat smart contracts have there been?

If you’re tight on deadlines, it’s better to delay big features rather than release them unaudited.

We’ve seen projects being exploited or hacked so many times because of the lack of audits or even bugs the auditors missed.

Not every single feature needs to be audited; small fixes or updates are not worth auditing, of course. Only big features where a lot of new code has been added should be.

Polycat has 7 audits so far; we’re planning on getting more of them done. The number of audits should grow in parallel with the project.

Tell us briefly about what has already been done and about the future plans of Polycat, unless, of course, they are pleasant surprises.

We’ve delivered on every feature we promised, and of that, I’m very proud.

Our vaults were deployed only 7 days after we launched. A couple of months later, we released a new UI and our own AMM decentralized exchange at the same time. A couple of days after that, we released our Governance feature, where our users can create and vote on proposals with their FISH tokens.

We will soon launch a liquidity incentives program to attract new farms to use our AMM. We will split a share of the swap fees with them and even create a PAW farm if certain conditions are met.

Big partnerships are also coming. One of them is our “Reviewed Vaults” in cooperation with The Rug Doctor.

We will essentially team up with the geniuses at and let them auto compound any vaults they consider safe through us.

But wait, there’s more! We also have another partnership coming up with PolyPulsar. They recently released their launchpad to incentivize their users to use our LPs by combining our Liquidity Incentives program and our Reviewed Vaults feature!

Excellent plans for the future growth of Polycat, Finn! Thank you very much for the informative answers to the questions. And it's time for us to take the next step:

The Second Step. Sending Funds


After you have collected the necessary information about the projects and made a decision, you can transfer your funds to Polygon (if the funds are on another network) or send them to Polygon from the exchange. The Polygon is supported by the AscendEX, Binance, and KuCoin exchanges. But in the sea of DeFi, centralized exchanges are not needed. Therefore, you can use the bridges to transfer funds.

There is a large selection of bridges for this, including the MATIC bridge and the bridge supporting several blockchain's Evodefi. Evodefi also allows you to get at the other end of the bridge instead of the entered asset, any asset supported by the bridge (so far only between BSC and Polygon in both directions). For example, you can send a BNB or USDC and get MATIC or FISH right away.

The Third Step. Investing


After calculating the projected profit relative to the level of risks, you can invest in your chosen DeFi projects. We can congratulate you on entering the financial world of the future!

But wait to click on the "Deposit" button. Investing also includes actions that must first be studied and then performed when depositing funds.

You can make a trial deposit first. This is one of the ways to check whether there is an excessive fee in the farm/pool/vault. You can also use this method to find out the address of the smart contract that you are interacting with and the PID of the pool. With this information, you can make an emergency withdrawal. In addition, you should know how to revoke permissions to the smart contract (usually called Masterchef) with which you interact. All of the above is not very difficult. You can easily find information about this, including on the RugDoc website.

As you may have noticed, the first step in the article is given the most time. Because before you do something, you should think about everything well, analyze it, and calculate it yourself. In DeFi, you are completely free to dispose of your funds, no one can arrest or confiscate your funds, but at the same time, you are responsible for the decisions you make. Therefore, first of all, DYOR.

react to story with heart
react to story with light
react to story with boat
react to story with money
. . . comments & more!