πŸ”
Safety & Security
Mean Protocol safety and security is always front and center

DeFi is a brand new space and with each new frontier comes its batch of associated risks. We advise care and caution, as well as a necessary curiosity while interacting with DeFi protocols.
This section details information related to the risks involved with using MeanFi and some of the risks associated with the underlying services it gives access to.
Please keep in mind that this page does not consider Solana network-level risks.
This page is not an official nor a legal-binding statement.
It's user-focused documentation of the risk involved with the use of MeanFi and the underlying protocols it provides access to.

All funds are controlled by the users through their wallets and private keys. MeanFi is a non-custodial application and does not have access to spend the funds in the wallets. There are zero risks of losing funds from interacting with MeanFi if your funds are in your wallet.

Decentralized Finance means complete transparency through digital smart contracts on public ledger blockchains. Check more details about Contract Address and Fees here.
PERMISSIONLESS: People and businesses require no permission from any company, government, or institution to interact with the Mean Protocol. You can interact with the MEAN PROTOCOL MAINNET smart contracts any time you want, or explore the code directly on the GitHub repo to get started.
TRUSTLESS: People and businesses do not need to identify themselves with Mean DAO, the Mean Protocol or the MeanFi application. That means, no KYC, no name, no password, no centralized account management. Trustless also means you don't have to trust what we promise. Since these open source apps and smart contracts are deployed into Solana's mainnet, anyone can contribute and inspect the code they are interacting with on GitHub.
NON-CUSTODIAL: We don't ever have access to or custody your money. Your money is in your control all the time, through your preferred wallet (see Solana's Wallet Guide). So long you are in control of your keys, you are in control of your money. The app simply helps you manage your money in more efficient ways, while you maintain your privacy and control over those funds.

Smart Contract / Program Risks
As developers, we try our best to write safe code and we do internal and external code review as well as audits by auditing firms. We have a strict implementation of code coverage for on-chain programs that must pass to 100% before being deployed to production, and perform penetration testing regularly on our web application.
However, we do want to remind our users that issues could arise due to human error, and you should be aware that you are abiding by our Terms of Service, by asserting you understand these risks.
Oracle Risks
We have price oracle redundancy between Chainlink and Pyth oracles. Even though this mitigates single-oracle spoofing attacks and DDOS attacks on their networks, under certain extreme market conditions pricing data could be corrupted on BOTH oracle networks and therefore affect the execution runtime of our DCAs. The risk of this happening is low, but if it did happen, it could trigger a swap that results in a potential loss of funds for the user.

Mean Protocol smart contracts use the Semantic Versioning 2.0 standard (SEMVER). Different versions receive different security audits according to our Security & Auditing Framework:

Soteria is one of the top Security & Auditing firms servicing Solana, with some of the top minds in software and blockchain security research and practice. Their team of experts has over ten years of development of rigorous automated verification and patented technology, powered by mathematical proofs and maximal concolic execution.

CertiK is a pioneer in blockchain security, utilizing best-in-class AI technology to secure and monitor blockchain protocols and smart contracts. CertiK's mission is to secure the cyber world.

Security is a continuous effort that goes hand and hand with new product development, features, and improvements across our smart contracts. We continuously evaluate our security measures with continuous code reviews, unit tests, integration tests, code coverage, bug bounties, and penetration tests.

Mean Protocol's programs are owned, deployed, and upgraded through a 3/5 multisig account:
  • Programs MultiSig: 8RbALxTJZKK2q267ypXy7EyWckLBmZpnNpuCCcsqJvvn
All Mean DAO Treasuries are also managed through multisig accounts, as defined below:
  • Treasury MultiSig: Ffm9iByvunbBBkXXnBe6rz7UjLNaeq3VcAwaoZfkEJhw
Copy link
On this page
Safety
Transparency
Risks
Audits
Multisig