Harvest Finance Now Hosts $1B in Collateral, Auditors Warn About Anon Devs
Yield farmers at Harvest Finance invested a total of one billion dollars, despite the fact that developers have the administrator privileges to mint new tokens. Although several blockchain auditing companies warned the community, the DeFi market still chose Harvest Finance as one of the most successful projects in recent months. Now, we are left to see whether we can trust the project’s developers in a trustless system.
Leading on-chain auditors Haechi and PeckShield shared with the DeFi community that Harvest’s proposed governance model is not the same one we see in their smart contracts. Famous developer Chris Blec has also indicated the potential deterrent in a Twitter post. He pointed out that the developers can mint new FARM tokens. By doing so, they can instantly sell the tokens on the free market.
Blec also noted that Harvest Finance already hosts $1.1 billion in deposits and that the wallet is protected by only one admin key. Again, he repeats the fact that the project’s developer is anonymous and can drain all funds. Currently, the Uniswap pool for Harvest Finance hosts $12 million in assets, primarily in the USDC stablecoin.
The project launched for the first time in September as an automated yield management platform. It contains similar features to Yearn Finance, such as a vault. On-chain auditor Haechi confirmed that besides the minting possibilities, the developer can also change the vault’s model at any time. This would be destructive for all investors as the vault contains the rest of the locked assets.
Theoretically, the developer could at any time steal the $1 billion that investors committed. Moreover, he could also take the $12 million contained within the Uniswap LP.
Harvest Finance Devs implement Time-Lock to reassure investors
Responding to the findings of the auditing firms, the developer team decided to create a 12-hour time lock that would warn the Harvest Finance community if any malicious transactions were to take place. While this may be helpful, it could save the investors only to some degree.
Simply put, Harvest Finance is yet another classic yield farming protocol with a governance token. Farmers can provide liquidity through various assets, including WBTC, ETH, and stablecoins. However, the most prolific option is to stake the FARM governance token itself. This can be done without interacting with any other token.
Just like any other yield farming project, Harvest Finance is also completely anonymous. Despite this, the project managed to attract a sizable fund in only mere months. The biggest spike came last Saturday when the number of collateralized assets jumped from $520 million to $1.09 billion. Essentially, the value placed within the project doubled in less than a single week.
However, nothing can still be said for the developer team as they had numerous chances to steal funds. Since the start of September, the Harvest Finance team has conducted no malicious activities at all. As a matter of fact, they managed to work hard on the project for almost two months so far. Nevertheless, that is no reason to put trust in the project. After all, smart contracts serve as a perfect replacement for trust, and the developers have yet not implemented any defensive mechanisms that protect investors.