The Aerodrome platform is a fork (open-source copy) of the Velodrome platform for the Base blockchain, largely powered by the same team.
Many of their security attributes are inherited from Velodrome, which has now been in operation for two years without security incidents. Like Velodrome, we would prefer that they have received audits of their smart contracts by more than one security company, although the one that did the audits is top notch.
We appreciate that their smart contracts are immutable, which provides security, although Aerodrome added a "Board" that can change platform parameters whenever they wish. It does not pose a serious risk to funds deposited on the platform, but it could be a vector of dissatisfaction of their community in the future if they take
Up-to-date documentation is essential for users and developers to understand how a platform works and how to interact with it securely and efficiently. Documentation that is kept up to date reflects that the team is committed to transparency and accessibility, which facilitates troubleshooting and correct use of the platform.
If the documentation is not up to date, it can cause confusion, make it difficult to implement new functionalities or lead users to make mistakes when interacting with the platform. In addition, it may be an indication that the team is not paying the necessary attention to the maintenance and continuous improvement of the platform.
Up-to-date documentation is essential for users and developers to understand how a platform works and how to interact with it securely and efficiently. Documentation that is kept up to date reflects that the team is committed to transparency and accessibility, which facilitates troubleshooting and correct use of the platform.
If the documentation is not up to date, it can cause confusion, make it difficult to implement new functionalities or lead users to make mistakes when interacting with the platform. In addition, it may be an indication that the team is not paying the necessary attention to the maintenance and continuous improvement of the platform.
Some parameters may be updated by a board, the composition of which is not specified.
If a platform's smart contracts are upgradeable, it means that they can be modified after they have been implemented on the blockchain. This can be an advantage, as it allows bugs to be fixed, new functions to be added or to adapt to changes in market conditions without the need to create a new contract from scratch.
However, this flexibility also carries certain risks. Upgradeable contracts can be exploited if upgrades are not managed properly or if control of upgrades is centralized in the hands of a few. A platform that enables upgrades must have transparent processes, such as DAO voting or multiple signatures, to ensure that changes are safe and in the best interest of the community.
If a platform's smart contracts are upgradeable, it means that they can be modified after they have been implemented on the blockchain. This can be an advantage, as it allows bugs to be fixed, new functions to be added or to adapt to changes in market conditions without the need to create a new contract from scratch.
However, this flexibility also carries certain risks. Upgradeable contracts can be exploited if upgrades are not managed properly or if control of upgrades is centralized in the hands of a few. A platform that enables upgrades must have transparent processes, such as DAO voting or multiple signatures, to ensure that changes are safe and in the best interest of the community.
Aerodrome is a fork of Velodrome and for this reason inherits Velodrome's tracking notation.
A Bug Bounty is a program that rewards those who find and report vulnerabilities in the platform. The existence of a Bug Bounty demonstrates the platform's commitment to security, as it encourages external experts to identify problems before they can be exploited.
If a platform offers high rewards for critical bugs, it is more likely to attract more researchers to review its code, which reduces the risk of attacks or serious bugs. Conversely, the absence of a Bug Bounty could indicate that the platform is not prioritizing proactive vulnerability detection.
A Bug Bounty is a program that rewards those who find and report vulnerabilities in the platform. The existence of a Bug Bounty demonstrates the platform's commitment to security, as it encourages external experts to identify problems before they can be exploited.
If a platform offers high rewards for critical bugs, it is more likely to attract more researchers to review its code, which reduces the risk of attacks or serious bugs. Conversely, the absence of a Bug Bounty could indicate that the platform is not prioritizing proactive vulnerability detection.
The code that inherits Aerodrome from Velodrome was launched in January 2024.
Pauseable smart contracts allow platform administrators to temporarily halt platform operation in the event of an emergency, such as a security vulnerability or unexpected behavior. This can be very useful to prevent further damage while the problem is investigated and fixed, thus protecting users' funds and the integrity of the system.
However, the ability to pause a contract also introduces an element of centralized control, which could be seen as a risk by some users. It is important that platforms using pausable contracts have transparent processes and clear security measures on who can pause contracts and under what conditions.
Pauseable smart contracts allow platform administrators to temporarily halt platform operation in the event of an emergency, such as a security vulnerability or unexpected behavior. This can be very useful to prevent further damage while the problem is investigated and fixed, thus protecting users' funds and the integrity of the system.
However, the ability to pause a contract also introduces an element of centralized control, which could be seen as a risk by some users. It is important that platforms using pausable contracts have transparent processes and clear security measures on who can pause contracts and under what conditions.
Aerodrome has an LTV of more than $1.3 billion.
The time that has passed since the release of the latest version of a platform can also be a sign of robustness. If a version has been around for a long time without needing major updates, it is likely that it has already withstood several attack attempts by malicious actors. This may indicate that the platform is more secure, as any serious vulnerabilities would likely have been discovered and exploited.
Conversely, newer versions may be less tested against attacks, increasing the risk that undiscovered vulnerabilities still exist. A platform with older, stable versions builds confidence, as it has proven to be resilient over time.
The time that has passed since the release of the latest version of a platform can also be a sign of robustness. If a version has been around for a long time without needing major updates, it is likely that it has already withstood several attack attempts by malicious actors. This may indicate that the platform is more secure, as any serious vulnerabilities would likely have been discovered and exploited.
Conversely, newer versions may be less tested against attacks, increasing the risk that undiscovered vulnerabilities still exist. A platform with older, stable versions builds confidence, as it has proven to be resilient over time.
Aerodrome is a fork of Velodrome and for this reason inherits Velodrome's tracking notation.
If a platform has been hacked, it is a warning sign that could affect user confidence. A hack can mean the loss of funds, data or the interruption of services, which severely impacts the platform's reputation and security. In addition, it could be a sign that the team is not taking the necessary security measures, indicating deficiencies in its ability to protect users. However, it is also important to assess how the platform responded to the hack, whether security improvements were implemented and whether users were compensated.
A platform that has never been hacked offers a greater sense of security, although it does not guarantee that it is risk-free. What is crucial is to look at how security is managed and what preventive measures have been taken to protect users.
If a platform has been hacked, it is a warning sign that could affect user confidence. A hack can mean the loss of funds, data or the interruption of services, which severely impacts the platform's reputation and security. In addition, it could be a sign that the team is not taking the necessary security measures, indicating deficiencies in its ability to protect users. However, it is also important to assess how the platform responded to the hack, whether security improvements were implemented and whether users were compensated.
A platform that has never been hacked offers a greater sense of security, although it does not guarantee that it is risk-free. What is crucial is to look at how security is managed and what preventive measures have been taken to protect users.
No time locks are mentioned
Oracles are services that provide external data to the blockchain, such as asset prices, market information or real-world events. If a platform relies on oracles, its performance is tied to the accuracy and security of that external data. Oracles are essential for platforms that need data outside the blockchain to reliably execute smart contracts.
However, this reliance also introduces risks. If an oracle provides incorrect information or is compromised by malicious actors, the platform could make wrong decisions or suffer financial losses. Therefore, it is important that a platform that relies on oracles uses several reliable and secure oracles.
Oracles are services that provide external data to the blockchain, such as asset prices, market information or real-world events. If a platform relies on oracles, its performance is tied to the accuracy and security of that external data. Oracles are essential for platforms that need data outside the blockchain to reliably execute smart contracts.
However, this reliance also introduces risks. If an oracle provides incorrect information or is compromised by malicious actors, the platform could make wrong decisions or suffer financial losses. Therefore, it is important that a platform that relies on oracles uses several reliable and secure oracles.
When the utility of a platform depends on the price of its token, this means that the value of the token directly influences how users interact with the platform. If the token loses value, the incentives to use the platform could decrease, which can negatively affect its adoption and usage.
On the other hand, a platform that does not depend on the price of its token has greater stability in terms of its functionality. This means that regardless of token volatility, users can continue to use its services without worrying about price fluctuations.
When the utility of a platform depends on the price of its token, this means that the value of the token directly influences how users interact with the platform. If the token loses value, the incentives to use the platform could decrease, which can negatively affect its adoption and usage.
On the other hand, a platform that does not depend on the price of its token has greater stability in terms of its functionality. This means that regardless of token volatility, users can continue to use its services without worrying about price fluctuations.
Total Value Locked (TVL) measures the total amount of money or assets locked in a DeFi protocol. It is an indicator of users' popularity and trust in the platform, as a high TVL usually means that many people trust their funds to it, which can be a sign of stability and security.
LTV gives an idea of the size of the platform and its adoption in the market. A low LTV may indicate that the platform is new or less trusted, but it may also represent opportunities, such as fewer competitors for returns.
Total Value Locked (TVL) measures the total amount of money or assets locked in a DeFi protocol. It is an indicator of users' popularity and trust in the platform, as a high TVL usually means that many people trust their funds to it, which can be a sign of stability and security.
LTV gives an idea of the size of the platform and its adoption in the market. A low LTV may indicate that the platform is new or less trusted, but it may also represent opportunities, such as fewer competitors for returns.
Knowing whether the current version of a platform has been audited is crucial to assessing its security. An audit implies that security experts have reviewed the code to detect possible vulnerabilities or bugs. If a platform has been audited, it increases the confidence of users, as it has been proven that it works securely and follows good development practices.
If it has not been audited, the risks increase, as there could be undetected failures that compromise users' funds or the stability of the platform. Audits are a key tool to protect users and strengthen the platform's reputation.
Knowing whether the current version of a platform has been audited is crucial to assessing its security. An audit implies that security experts have reviewed the code to detect possible vulnerabilities or bugs. If a platform has been audited, it increases the confidence of users, as it has been proven that it works securely and follows good development practices.
If it has not been audited, the risks increase, as there could be undetected failures that compromise users' funds or the stability of the platform. Audits are a key tool to protect users and strengthen the platform's reputation.
If a platform has suffered from any controversy, this can affect user confidence and the platform's reputation. Controversies may include security issues, mismanagement of funds or conflicts in the community, which could make users hesitant to entrust their assets to the protocol.
The dispute history gives an idea of the transparency and robustness of the project. A platform with serious or frequent disputes may indicate underlying problems, while one without disputes or with resolved issues may generate more trust among users.
If a platform has suffered from any controversy, this can affect user confidence and the platform's reputation. Controversies may include security issues, mismanagement of funds or conflicts in the community, which could make users hesitant to entrust their assets to the protocol.
The dispute history gives an idea of the transparency and robustness of the project. A platform with serious or frequent disputes may indicate underlying problems, while one without disputes or with resolved issues may generate more trust among users.
Timelocks in smart contracts add an additional layer of security by introducing a time delay before changes or updates to the contract can be executed. This allows users and the community to audit and review proposed changes before they go into effect, reducing the risk of malicious changes or sudden errors.
The use of timelocks benefits users by providing more transparency and control, as it allows time to react in case an update or action appears suspicious. If a platform uses timelocks in its smart contracts, it demonstrates a commitment to security and the protection of users' funds.
Timelocks in smart contracts add an additional layer of security by introducing a time delay before changes or updates to the contract can be executed. This allows users and the community to audit and review proposed changes before they go into effect, reducing the risk of malicious changes or sudden errors.
The use of timelocks benefits users by providing more transparency and control, as it allows time to react in case an update or action appears suspicious. If a platform uses timelocks in its smart contracts, it demonstrates a commitment to security and the protection of users' funds.
If the latest version of a platform has been hacked, it is a sign that there may be serious vulnerabilities that the developers have not addressed effectively. A recent hack indicates that malicious actors have found and exploited flaws in the system, which can lead to distrust in the security of the platform.
On the other hand, if the latest version has not been hacked, especially after being in operation for a significant time, this reinforces confidence in its security. The longer a version withstands attacks without being compromised, the more likely it is to be stable and secure.
If the latest version of a platform has been hacked, it is a sign that there may be serious vulnerabilities that the developers have not addressed effectively. A recent hack indicates that malicious actors have found and exploited flaws in the system, which can lead to distrust in the security of the platform.
On the other hand, if the latest version has not been hacked, especially after being in operation for a significant time, this reinforces confidence in its security. The longer a version withstands attacks without being compromised, the more likely it is to be stable and secure.
The quality of smart contract code is essential to ensure the security and proper functioning of a platform. Well-written, clean and thoroughly tested code reduces the risk of bugs or vulnerabilities that can be exploited by malicious actors. In addition, the presence of unit tests and independent audits indicates that the development team is committed to quality and security.
Poorly structured code, without testing or with unused functions, can be an indication of development problems and a sign of potential future risks. Transparency in code review and following good development practices are key to ensuring that smart contracts work securely and efficiently.
The quality of smart contract code is essential to ensure the security and proper functioning of a platform. Well-written, clean and thoroughly tested code reduces the risk of bugs or vulnerabilities that can be exploited by malicious actors. In addition, the presence of unit tests and independent audits indicates that the development team is committed to quality and security.
Poorly structured code, without testing or with unused functions, can be an indication of development problems and a sign of potential future risks. Transparency in code review and following good development practices are key to ensuring that smart contracts work securely and efficiently.
Velodrome is powered by veDAO, a decentralized organization.
Although they count a well-known figure in the crypto world, André Cronje, as one of their most important members, the other members of the team are not known.