DeFiSafety
Jun 9 · 27 tweets · 12 min read
1/21 Tempted by $USDD to bridge to @trondao? That supple and bouncy claimed 30% APY offer comes with a few strings attached. Let's dig in and make sure you don't regret it the morning after —>
2/21 Let's start with nodes: TronScan claims some 6,000+ nodes operate. This is impressive; Ethereum doesn't have this many. However, when you look at their documentation, TRON uses a 27-node "Super Representative" system. What this indicates to us is that only 27 nodes actually validate (produce blocks); the rest merely relay and store the chain.
3/21 Of these 27 nodes validating through Delegated Proof of Stake, we found validators in South Africa, China and the US. Geographic spread of this kind promotes network security. However, so long as "Super Representatives" are indicated as the sole validators, block production is restricted to 27 elected parties and the network is functionally permissioned. This presents significant technical risk.
4/21 Despite an impressive public repository, #TRON documents only one node implementation. While we value the philosophical quotes that accompany each release, we'd value a greater diversity of node clients even more: a bug in a single client is a bug in every validator. Furthermore, we see good discussion on each new release, but we'd also like to see more contributors. More eyes improve security.
5/21 #TRON does not clearly document the functions of its original node software. Such documentation would help researchers understand how the node software works and avoid crises like the one that occurred in 2019: thenextweb.com/hardfork/2019/…
6/21 However, it does provide comprehensive documentation and traceability for the code in each new iteration of its node software. This promotes security through transparency. As for transparency on the chain itself, the block explorer is of reasonably good utility.
7/21 We found their "Tron ETF" document particularly entertaining; see the image on the cover. The explorer still lacks the polish of the unmatched @etherscan.io for navigating the chain, owing to limited quality-of-life features such as contract revoke tools. tronscan.org/#/
8/21 We're also concerned by the disparity between the TVL shown on @TRONSCAN_ORG and what an independent and respected third party reports it to be: $6B. By contrast, TronScan indicates $12B. This disparity calls into question the reliability of the block explorer's figures. defillama.com/chain/Tron?cur…
9/21 As for testing, it appears TRON's node has undergone some robust testing. By our count, over 200,000 lines of test code are documented. However, with only 53% code coverage, it is fair to ask how meaningful this testing is: nearly half of the code paths are never exercised by it. app.codecov.io/gh/tronprotoco…
10/21 Without formal verification or clear instructions for users on how to replicate the tests, we'd say that #TRON should certainly consider promoting transparency for third parties. Being able to recreate the tests promotes security.
11/21 Finally, this brings us to the security features TRON has implemented. TRON's software is publicly unaudited and has no bug bounty worth discussing. Despite a TVL of over "$12B", only $10,000 is offered to people who disclose vulnerabilities. dnews.com/tron-trx-found…
12/21 This is frankly unacceptable given that the TRON node software remains provably unaudited and has had previous close calls, such as the 2019 incident mentioned in 5/. A meaningful bug bounty is something that can be implemented quickly and will bring immediate results. medium.com/immunefi/armor…
13/21 So, as you can see, TRON isn't the decentralized L1 it claims to be. The assets built on top of it that claim to be the most decentralized are therefore not decentralized either: the infrastructure they're deployed on presents technical risk.
14/21 @trondao should be congratulated for not suffering documented downtime over its operation. Few chains have run for so long without some form of outage. There have been close calls, yes, but they were luckily averted thanks to @Hacker0x01.
15/21 There are no documented cases of transaction censorship either. This is important for any #blockchain. However, given that roughly 99.7% of all TVL is stored in protocols that have some variation of "Justin Sun" (the founder of #TRON) in their name, this is unsurprising.
16/21 Looking forward, we'd like TRON to consider increasing the number of Super Representatives. This is a foundational issue that makes the technical risk of this chain significantly higher than it otherwise would be. More independent validators make a more resilient network.
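The validator-count point in 2/21, 3/21 and 16/21 can be made concrete with a Nakamoto-coefficient style check: how many parties must collude to stall or to take over block production. The script below is an added example, not code from DeFiSafety or from the TRON project. The >1/3 and >2/3 thresholds are the standard BFT assumptions (enough weight to stall finality, and enough to finalize whatever the colluders want), not a statement of TRON's exact consensus rules, and the operator groupings in the second sample are constructed to illustrate the point, not real Super Representative data.

```python
"""Nakamoto-coefficient style check for a validator set.

Added example; not DeFiSafety's or TRON's code.  The thresholds below are the
usual BFT assumptions for DPoS/BFT chains (an assumption here, not a claim
about TRON's consensus rules):
  > 1/3 of weight  -> can stall finality (liveness failure)
  > 2/3 of weight  -> can finalize arbitrary blocks (safety failure)
"""
from collections import defaultdict
from fractions import Fraction

HALT = Fraction(1, 3)      # strictly more than this share stalls the chain
TAKEOVER = Fraction(2, 3)  # strictly more than this share controls finality


def colluders_needed(weights, threshold):
    """Smallest number of weight-holders whose combined share strictly
    exceeds `threshold`.  Largest holders are taken first (worst case).

    weights: iterable of non-negative integer stake/vote weights, one per
    independent party.  Returns None if there is no positive weight at all.
    Exact rational arithmetic avoids float edge cases at 9/27 == 1/3.
    """
    ws = sorted((w for w in weights if w > 0), reverse=True)
    total = sum(ws)
    if total == 0:
        return None
    cum = 0
    for count, w in enumerate(ws, start=1):
        cum += w
        if Fraction(cum, total) > threshold:
            return count
    return None  # unreachable for threshold < 1, kept for completeness


def weight_by_operator(validators):
    """Collapse per-validator weights onto the operator behind each validator.

    validators: list of (validator_id, operator, weight).  Two validator slots
    run by the same operator are ONE potential colluder, so the number of
    independent parties can be much smaller than the number of validators,
    and far smaller than the number of full nodes relaying the chain.
    """
    agg = defaultdict(int)
    for _vid, operator, w in validators:
        agg[operator] += w
    return dict(agg)


def report(weights):
    """Summary used by the demo below and by tests."""
    ws = list(weights)
    return {
        "entities": sum(1 for w in ws if w > 0),
        "to_halt": colluders_needed(ws, HALT),
        "to_take_over": colluders_needed(ws, TAKEOVER),
    }


# Constructed sample A: 27 equal-weight slots, one independent operator each.
EQUAL_27 = [1] * 27

# Constructed sample B (invented, not real SR data): still 27 slots, but the
# operator column shows how shared operators shrink the independent set.
SAMPLE_SLOTS = (
    [(f"sr{i:02d}", "op-a", 100) for i in range(0, 8)]
    + [(f"sr{i:02d}", "op-b", 100) for i in range(8, 14)]
    + [(f"sr{i:02d}", f"op-{i}", 100) for i in range(14, 27)]
)

if __name__ == "__main__":
    print("27 independent equal slots:", report(EQUAL_27))
    per_slot = [w for _, _, w in SAMPLE_SLOTS]
    print("sample B counted per slot: ", report(per_slot))
    print("sample B counted per operator:",
          report(weight_by_operator(SAMPLE_SLOTS).values()))
```

With 27 equal, independent slots the script reports 10 colluders to halt and 19 to take over; once slots are grouped by operator in the constructed sample, the same 27 slots need only 2 operators to halt and 7 to take over. Counting nodes, or even validator slots, overstates the number of parties that must be compromised; counting independent operators is the number that matters.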
17/21 Good documentation and robust development practices are let down by weak security infrastructure: absent public audits and an irrelevant bug bounty. In our eyes, this chain is better than some, but certainly not polished enough for us to endorse using it either.
18/21 Whatever exciting yield opportunities are advertised to you should be tempered with the careful reminder that if you're unsure where the yield is coming from, it's probably you. This is then compounded by the risk of the base layer on which these opportunities rely. Does this fit your risk profile, anon?
20/21 This is an extended snippet of our TRON chain report. For the full report, 14 other chains, scores on some 30,000 contracts, as well as the protocol scores you know and love, please visit DeFiSafety.com/app and buy a subscription.