Skip to main content

Security

NOTE: These docs are under active development ๐Ÿ‘ทโ€โ™€๏ธ๐Ÿ‘ท

Float takes security and user safety very seriously.

The team behind Float is composed of many former and current smart contract auditors. We are acutely aware of potential attack vectors and follow rigorous standards of testing, and internal and external auditing before releasing code.

Before any code can be merged into main we apply a set of checks. This includes requiring all code to undergo peer review by at least one additional engineer before approval, and continuous integration testing where a suite of internally developed smart contract tests run automatically before any changes can be merged in.

However, even while adhering to high standards of safety and security we cannot guarantee that our code is free of bugs and potential exploits.

We advise users to prioritise safety. Carefully review and do detailed research before interacting with any set of smart contracts, including Float.

There have been multiple small and large scale smart contract hacks and it is an unfortunate reality that this risk exists and you should be cognizant that you can lose all your funds that are sitting in any smart contract if some vulnerability is found and exploited. The same would be true for Float Arctic and you should consider whether you want to take on this risk.

Audit history#

Float Artic - Sherlock - Nov 2022#

In November 2022 Float Arctic underwent a $35,000 smart contract audit competition with Sherlock DeFi. The contest had >70 participants, including industry recognized security experts. The audit uncovered no severe vulnerabilites or bugs which we are obviously proud of as it attests to our strong prioritization of safety. That being said, it is always possible that bugs slip through an audit process.

"With the parameters the Float team had configured for mainnet launch no issues were found on the contracts." - Jason Smythe, cofounder at Float.

The audit report can be found here and the content repository prepared for auditors can be found here. The video walkthrough of the contracts can be found here.

A.P. Morgan Sailing Club - Byterocket - Oct 2022#

In October 2022, Float released an invite only, free to mint NFT Collection, called the A.P. Morgan Sailing Club which was audited by Byterocket. All findings have been remediated.

"The protocol review and analysis did neither uncover any game-theoretical nature problems nor any other functions prone to abuse. In general, we are happy with the overall quality of the code and its documentation. The developers have been very responsive and were able to answer any questions that we had." - Byterocket.

The audit report can be found here.

Float Alpha - Code 432n4 - Aug 2021#

In August 2021 the Float Alpha deployment underwent a $50,000 smart contract audit competition with Code 432n4. Other protocols using Code432n4 include Sushiswap, PoolTogether, BadgerDAO, Convex Finance and more.

View the audit results here and the contest repo here.