How not to get REKT

Seldon’s dictionary defines Rekt as putting your money into a project run by either inexperienced or just plain dastardly developers, which then have the protocol either rugged or hacked so that you lose all your money.

This is obviously bad. So as part of the Pangolin team designing for V2 of the protocol, this is something that we take very seriously.

So let’s do a bit of a history lesson in the biggest hacks in cryptoland.

Julien and his friends over at Rekt have a wonderful leaderboard showcasing just how much money has been lost in crypto due to people getting rekt.

Of the 42 projects that make up the leaderboard, 17 (40%) went unaudited for an average rekting (sic) of $15,307,529.41.

Fairly obviously, not getting audited seems like a rather bad idea in the world of DeFi.

Audits however are expensive. Not only that, the best firms are often booked out 6 months in advance.

So how do we proceed? We have a few options:

  1. Not audit V2

  2. Audit V2 with a second or third tier auditing firm

  3. Audit V2 with the only security firm to not have been rekt

We’re proposing option 3. However, option 3 is not cheap, it’s expensive. It’s going to cost a lot of money to hire the best people in the world. However, we’d argue that since Pangolin currently has over $150 million in USD in TVL, anything less than 0.5% of that represents an acceptable amount of money to ensure the highest probability of safety.

So, for argument’s sake, let’s say that everyone agrees that we should use the gold standard. The gold standard being Trail of Bits. How do we pay for their services:

  1. Use the treasury funds

  2. Use interest that we earn from the treasury funds

We’re proposing option 2. The community treasury currently has over 16 million PNG in it. We’re proposing that we take 1 million PNG and use that PNG to invest in BenQi and earn interest. We let the money earn interest until we need to pay for the audit when Trail of Bits becomes available and V2 is ready for review.

This, in my mind, serves the following benefits:

  • This will be our most expensive expense to date and we will be funding it with interest and not reducing our Treasury holdings

  • We will be diversifying our treasury

  • We will be supporting Avalanche native projects

We’d be very interested to hear your thoughts.


Telegram poll has been posted to gauge sentiment on investing the treasury funds


Yes, of course, we need to invest in more safety for our money.
It’s a good way to use interest to pay a part of this.