Web3 security is one of the key aspects of product development under the Qoda Ecosystem. Halborn Security, one of the leading companies in Web3 security, is our partner for smart contract audits.
Quick FAQ
Has a security firm audited the Qoda DAO?
Yes, Halborn has audited smart contracts. A detailed report outlining the scope and disclosed issues can be found HERE.
Has the Qonstant DApp been audited?
Yes, Halborn has audited the Qonstant decentralized application (DApp). You can find a detailed report with the scope and disclosed issues HERE.
Has the Threebalance DApp been audited?
No, Threebalance does not operate its own smart contracts. It provides only auto-calculation and UI for rebalancing, on top of well-known, industry-leading aggregation solutions.
Qoda DAO Security Audit
Halborn audited Qoda DAO smart contracts in May-June 2024, namely:
- QODA ERC-20 smart contract,
- veQODA ERC-20 smart contract
- Reward Distributor smart contract
The team addressed all disclosed issues during the audit. The final report can be viewed on the Halborn website and in Qoda DAO Docs.
Qonstant Security Audit
In the summer of 2023, before launching on Arbitrum One, Qonstant smart contracts (before the rebranding, the protocol's name was Qoda Finance/Qoda Loans) were audited by Halborn Security. You can read the audit announcement HERE. To learn more, find the full report with greater details HERE.
Threebalance Security
Threebalance is a unique protocol that does not operate its own smart contracts. When a wallet is connected to the DApp, it receives no permissions to transfer tokens. Threebalance combines liquidity from aggregator partners. Our integrations include only large web3 companies: 1inch, Jupiter Exchange. We're working on adding more liquidity providers.
When you use Threebalance for rebalancing trades, you use one of these aggregators. They have their own audits and implement best security practices for their users. However, as in any other case of using web3 products, there are associated risks (hacks, code vulnerabilities, etc.). Always do your research.
General Security Principles When Working With Digital Assets
- Always check and read the permissions you grant when connecting your wallet to DApps.
- Install specific browser extensions that explain what you are doing and whether there are any suspicious indicators, such as Revoke.cash, Wallet Guard, Pocket Universe, or others. Remember, they can have their own security issues.
- Check transactions in your wallet when you sign them.
- Do not grant access to the maximum amount when approving transactions.
- If in doubt, cancel the connection to the DApp via the wallet; cancel approvals and signatures using tools such as Revoke.cash.
- Use wallets with enhanced security, such as Rabby.
- Always pay attention to the domain name and whether the website or DApp looks the same as when you last visited them.
- Check official links in several sources that are independent of each other. For example, you can check the links to the Qoda partner DApps in this blog post, as well as at magic.store and Arbitrum Portal.
- Save links to DApps in bookmarks, and do not click on links from search results, especially if they are ads.
- Team members will NEVER DM you first on any platform. Avoid any links that pose as ‘support’ or ‘tickets’. Ask any questions directly in chats.
Currently, the official Uniswap pool is the only way to buy QODA tokens.
Be cautious about security, Qommunity!