Risks
Last updated
Was this helpful?
Last updated
Was this helpful?
Rumpel is committed to transparency. It is crucial to highlight the risks associated with Rumpel Protocol, the actions taken to ameliorate risk, as well as plans to further manage these risks.
A point distribution allows users to claim points they have not earned, caused by either:
Teams temporarily publishing inaccurate point balances and adjusting later on OR
A bug in Rumpel's distribution scripts
Mitigations:
I
Manual coordinated reviews of each Merkle root submission
Internal & external reviews of the
Proof generation clients written in different programming languages and by different engineers
A malicious actor gets control of Rumpel’s admin multisig and mints an infinite amount of Point Tokens OR attempts to steal assets in the Rumpel wallet
Mitigations
Rumpel has an, meaning that pre-approved assets transferred into the Rumpel wallet for point farming cannot be touched by anyone but the user.
Our multisig is managed by trained singers using industry-grade signing wallet technology in different locations
(Future) Enforce a cap on the amount of total point tokens that can be minted in an epoch.
Hacks/bugs, leading to a drain of funds
Mitigation:
Points can be deleted by the point issuer (note: all point holders are exposed to this risk)
Mitigations
We take great lengths to uncover and demonstrate the value of secondary marketplaces to Point Issuers
While this security feature will be deprecated in the future, we can freeze Point Token transfers and protect unsuspecting Liquidity Providers if a Point Issuer attacks Rumpel by deleting points held by all Rumpel Wallets.
Rumpel is unable to claim the airdrop through Rumpel wallets due to either of the following:
An incompatibility with the point program's airdrop infra provider
Mitigations
Proactive collaboration with multiple airdrop infrastructure providers to ensure compliant integration with their distribution systems
We will delay point token/airdrop redemptions until we’re able to support airdrop claiming
If the following conditions are all met, then there’s a risk that some users who’ve already sold their Point Tokens will unfairly claim some of the airdrop before Rumpel can prevent transfers:
Rumpel Labs is unaware of a reward token release event
The reward token is a whitelisted principal asset within Rumpel wallets
Users can claim with a non-ERC 1271 signature or the reward token is pushed to wallets
Mitigations:
Proactive advertisement of this risk and collaboration with Point Issuers
If the point issuer allows the user to delegate to a secondary account via a non-ERC1271 signature and receive their reward tokens, instead of the Rumpel Wallet
Mitigations:
Proactive advertisement of this risk and collaboration with Point Issuers
Multiple internal reviews & from the industry’s top smart contract auditors.
The point's reward token is one of the whitelisted principal assets, an asset that the admin