# Protocol Due Diligence: [ Alpaca Finance ]

## Overview + Links

Alpaca has two main products on FTM: lending and leveraged farming.

For lending, users lend tokens in exchange for ib tokens (not rebased like AAVE) and can stake them in the MiniLaunch (masterchef) for extra alpaca rewards. Users can only lend tokens, not borrow them; borrowing is available only to users of the leveraged farming product. Since the lending is undercollateralized, utilization can sometimes be high, but it cannot stay high for long because the borrows are controlled by smart contracts. If utilization is high, the leveraged farmers' borrow APY rises and most of their farming yield is sent to lenders to cover the higher borrow APR, until the yield is actually not generating anything.

For leveraged farming, let's walk through an example. Bob has 5000$ USDC and wants to farm the USDC-WFTM pool on Spookyswap. Instead of selling half of his capital for WFTM, Bob goes to Alpaca and borrows 5000$ worth of WFTM (not manually; the contracts do it for him) and farms a 10K position with 2x leverage and exposure to WFTM. The yield automatically pays the debt to the lending pool and the remainder is Bob's. Bob can also get liquidated if his LP tokens cannot cover the borrowed 5K$ of WFTM.

- **[Site](https://app.alpacafinance.org/lend)**
- **[Team](https://www.bnbchain.org/en/blog/bsc-project-spotlight-alpaca/)**
- **[Docs](https://docs.alpacafinance.org)**
- **[Audits and due diligence disclosures](https://docs.alpacafinance.org/our-protocol-1/transparency)**

## Rug-ability

**[All contract addresses deployed](https://github.com/alpaca-finance/bsc-alpaca-contract/blob/main/.fantom_mainnet.json)**

**Proxy:** Proxy admin address https://ftmscan.com/address/0xa625ab01b08ce023b2a342dbb12a16f2c8489a8f#readContract

**TIMELOCK:** The timelock contract is identical to Compound's timelock contract.
All transactions are delayed by a minimum of 2 days and a maximum of 30 days after being queued, and a queued transaction that is not executed within 14 days (the grace period) is no longer valid. All transactions are first submitted to the queueTransaction function with a minimum 2-day delay. Once the 2 days pass, the admin can call the executeTransaction function to make the changes. Both the queue and execute functions are capable of doing low-level calls inside their function body, which gives the admin the flexibility to perform a variety of calls. Also, both queue and execute can only be called from the Admin account, which is a multisig. There are no other authority roles that can perform these functions.

The timelock contract currently has a 2-day delay, same as Compound: https://ftmscan.com/address/0xafd1eb025bf584a11112a3fc790bd715ed9a98b1

Timelock admin and proxy admin owner address: https://ftmscan.com/address/0xc44f82b07ab3e691f826951a6e335e1bc1bb0b51

**Upgradable Contracts:** These are the 3 contracts that we directly interact with inside the strategy, and they are all owned by the timelock contract.

1. ibFTM (yield bearing token): https://ftmscan.com/address/0xc1018f4Bba361A1Cc60407835e156595e92EF7Ad
2. ibUSDC (yield bearing token): https://ftmscan.com/address/0x831332f94C4A0092040b28ECe9377AfEfF34B25a
3. MiniFL (a.k.a. masterchef): https://ftmscan.com/address/0x838B7F64Fa89d322C563A6f904851A13a164f84C

**Some other potentially important upgradable contracts to mention**

1. Worker config contract. The worker config contract can set the oracles and configs for alpaca strategies. (**This contract is owned by the timelock admin, not the timelock itself**. It can choose oracles and set up the configs as it wants.) https://ftmscan.com/address/0xebe06f7370973abe2bf051f14dbf5f5faf2cc544
2. Simple oracle contract. The oracle contract is used for calculating the liquidation prices on borrowing. (**This contract is owned by the timelock admin, not the timelock itself**. It has some powerful authority. It can set the price of tokens!)
3. All of the worker contracts (leveraged yield farming strategies) are **not owned by the timelock but owned by the timelock admin**. Some examples:
   - **[USDC-WFTM Spooky worker](https://ftmscan.com/address/0x29A7929520ADdC7D3000a81129d4E5Aa7a571f49#code)**
   - **[TOMB-WFTM Tomb worker](https://ftmscan.com/address/0x77d23aFF927f3d46e51D449372c957B3CBBFB40e)**
   - **[ETH-WFTM Spooky worker](https://ftmscan.com/address/0x1CcA30728F7a82B517Fa174a1163503946054d04#code)**
   - **[USDC-WFTM 3x SPK2 DeltaNeutralSpookyWorker](https://ftmscan.com/address/0x0e807E2F50dfe8616636083Ba5ecef97280338cf)**

https://ftmscan.com/address/0xca1Cf7C64481B8C095828d380922505E5942C60D

**Decentralization:** All contracts are owned/managed by timelock contract

## Misc Risks

1. **Limited liquidity for alpaca token**

   The only liquidity source for the ALPACA token is on SPOOKY swap, and the total liquidity is 145K$. Due to the low liquidity, big swaps will always end up as bad/unfair trades. APY will be lower because we will not get the full efficiency from compounding the rewards.
   * solution: The best thing to do here is to keep the debt ratio low so that we do not dump too many tokens, the AMM gives us fair prices, and we do not dilute the staking APY. Also, if we harvest frequently and dump smaller amounts of alpaca, arbitrageurs would re-balance the price between the BSC alpaca pools and the FTM alpaca pools.
2. **High utilization**

   ALPACA lending pools can only be used for leveraged farming, which is controlled by other smart contracts in ALPACA. Lending is undercollateralized, but basically only the leveraged farmers in ALPACA can use it. This means that utilization can sometimes go pretty high and we might not find funds to withdraw. However, since the borrowers are controlled by ALPACA, the debt will return eventually unless ALPACA contracts are exploited.
   * solution: If the utilization rate is high we can put the strategy at the back of the queue. If not, we can leave it at the start/middle of the queue.
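
The timelock rules and contract ownership described under Rug-ability, modelled as an added Python example (not Alpaca's or the strategy author's code). The two addresses are the ones quoted on this page; the `OWNERS` readings are constructed to mirror the ownership this page reports, and all function names are hypothetical.

```python
from dataclasses import dataclass

DAY = 86_400
DELAY = 2 * DAY          # current timelock delay stated on this page
GRACE_PERIOD = 14 * DAY  # a queued tx expires this long after its eta

# Addresses quoted on this page.
TIMELOCK = "0xafd1eb025bf584a11112a3fc790bd715ed9a98b1"
TIMELOCK_ADMIN = "0xc44f82b07ab3e691f826951a6e335e1bc1bb0b51"

@dataclass
class QueuedTx:
    queued_at: int  # block timestamp of the queueTransaction call
    eta: int        # earliest execution time requested by the admin

def can_queue(tx: QueuedTx) -> bool:
    """queueTransaction only accepts an eta at least DELAY in the future."""
    return tx.eta >= tx.queued_at + DELAY

def status(tx: QueuedTx, now: int) -> str:
    """State of a queued transaction at block timestamp `now`."""
    if not can_queue(tx):
        return "REJECTED"
    if now < tx.eta:
        return "PENDING"      # window in which depositors can still react
    if now <= tx.eta + GRACE_PERIOD:
        return "EXECUTABLE"
    return "STALE"            # must be queued again

def reaction_time(owner: str) -> int:
    """Seconds of notice before an owner-only change can take effect."""
    return DELAY if owner.lower() == TIMELOCK else 0

# Constructed owner() readings mirroring what this page reports.
OWNERS = {
    "ibFTM": TIMELOCK,
    "ibUSDC": TIMELOCK,
    "MiniFL": TIMELOCK,
    "WorkerConfig": TIMELOCK_ADMIN,
    "SimpleOracle": TIMELOCK_ADMIN,
    "USDC-WFTM Spooky worker": TIMELOCK_ADMIN,
}

def unprotected(owners: dict) -> list:
    """Contracts whose owner can change them with no timelock delay."""
    return sorted(n for n, o in owners.items() if reaction_time(o) == 0)
```

In practice the `OWNERS` values would come from reading `owner()` on each contract; any contract returned by `unprotected` gives depositors no notice before a config or oracle change.
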
### Audit Reports / Key Findings

All the audits are **[here](https://docs.alpacafinance.org/our-protocol-1/transparency)**.

1. **[Certik Vault Audit Partially resolved major issue](https://github.com/alpaca-finance/bsc-alpaca-contract/blob/main/audits/protocol/CertiK%20Security%20Assessment%20for%20Alpaca%20Finance%201.pdf)**, ATC-04 section

   As stated in the link above, the **[alpaca token contract](https://bscscan.com/address/0x8f0528ce5ef7b51152a59745befdd91d97091d2f#code)** on BSC has a manualMint function with which the owner can mint alpaca tokens freely. Briefly, the alpaca team has a 'shield' contract, which is the only account that can call this function, and it has an 8M cap for manual minting. The shield contract is also owned by the timelock on BSC, which has a minimum 2-day delay. The team's detailed response on why they have this function can be seen in the above link.

2. **[Inspex Audit on leveraged farming strategies in FTM](https://app.inspex.co/library/alpaca-finance#?scope=alpaca-finance-spookyswap-integration-fantom-expansion)**

   **This looks like the only audit for the FTM deployments. The above audit highlights the centralisation of the contracts and records it as "Alpaca team will use timelock contract for owning the upgradable contracts". However, as we can see above, the leveraged yield strategies are not owned by the timelock yet.**

### Anything else

N/A

# Path to Prod

## Strategy Details

- **Description:** https://github.com/tapired/StrategyAlpacaLender
- **Strategy current APR:** 5%
- **Does Strategy delegate assets?:** No
- **Target Prod Vault:** 0.4.3
- **BaseStrategy Version #:** 0.4.3
- **Target Prod Vault Version #:** 0.4.3

## Testing Plan (n/a been working in production)

### Ape.tax

- **Will Ape.tax be used?:** yes
- **Will Ape.tax vault be same version # as prod vault?:** yes
- ~~**What conditions are needed to graduate? (e.g. number of harvest cycles, min funds, etc):**~~

## Prod Deployment Plan (n/a already deployed)

- **Suggested position in withdrawQueue?:** If utilization is high it should be at the back of the queue; if not, it can be first in the queue.
- **Does strategy have any deposit/withdraw fees?:** No fees are taken on deposits/withdrawals
- **Suggested debtRatio?:** 8%
- **Suggested max debtRatio to scale to?:** up to 15%-30% depending on the ALPACA-WFTM liquidity in spookyswap

## Emergency Plan

- **Shutdown Plan:** Debt ratio to 0. Done in production with no issues
- **Things to know:**
- **Scripts / steps needed:** n/a
- **Is it safe to...**
  - call EmergencyShutdown: Yes. Covered in test
  - remove from withdrawQueue: Yes
  - call revoke and then harvest: Yes. Covered in test