The Ones in the Arena: Malt Protocol

“If you believe in the power of open source, then you should believe in the power of open security.” — 0xScotch, Lead Dev / Founder, Malt Protocol

Malt Protocol’s V2 launch is on the horizon, which means — you guessed it — it’s audit time. The algorithmic stable coin first launched back in June, but the team has been working towards a V2 since then, with an eye on security as well as on building a more elegant and simplified calculation for vested earnings.

Code4rena is excited to welcome Malt Protocol into the arena for an $80K audit contest starting November 25. As we gear up for the contest, we asked 0xScotch, Malt’s Lead Dev and Founder, to tell us more about the vision for the protocol, the role security plays in the project, and his views on DeFi more broadly.

What are you building, and what sets it apart from similar offerings in the space?

An algorithmic stable coin that arbitrages itself and democratizes the profits to all LPs — avoiding bots hoarding profit, as seen in other algo stables.

What’s your vision for your project? What are you building towards in the longer view?

Our long term vision is to become the backbone stablecoin of a fully decentralized future.

“If the average DeFi dev knew the basics of security, it would allow the true security professionals more scope to find the esoteric issues.”

What’s the most innovative idea in your protocol?

Implied collateral. In a nutshell, this is dynamic collateral that backs the Malt stablecoin. Instead of the collateral being entirely static, as it is in other stablecoins, Malt’s implied collateral is built from protocol profit that will ultimately go towards user rewards.

However, on its journey into the hands of users, it moves through the system, acting as collateral to maintain the Malt peg. Under many scenarios this allows Malt to provide guarantees of a fully collateralized token, while offering the reward incentives of a fully algorithmic stablecoin.

It takes courage to undergo a public audit by a swarm of anonymous security researchers. It also says a lot about how much you prioritize security. What advice would you give to those on the fence?

If you believe in the power of open source, then you should believe in the power of open security. Offering up the opportunity for many researchers with various backgrounds to scrutinize your project will ultimately lead to a better overall product.

“Governance tokens in the way most projects do them do not solve the governance problem in a satisfactory way.”

Security has become an increasingly vital topic in DeFi. How do you think the ecosystem needs to evolve in order to rise to the challenge?

I think there has to be more education for DeFi developers, and not simply leave the security to the security professionals. If the average DeFi dev knew the basics of security, it would allow the true security professionals more scope to find the esoteric issues.

I also strongly believe in more open security being better for the growth of DeFi. If your project is open source and there are bugs, they will get found; you just get to choose when — during the dev/audit cycle, or after deployment.

What gets you most excited about DeFi?

Open composability of base primitives. The ability to unilaterally pull third party projects into yours is incredibly powerful. We have seen the power of this at the source code level through Web 2.0, and we will see the power of this at the application level through Web 3.0.

Complete the following sentence: “I wish more DeFi projects would…”

Think harder about how to handle governance. It’s all too easy to just airdrop a new governance token to your users and everyone is seemingly happy. (Team makes money, users make money… win-win, right?) Unfortunately, this seems to focus on the financial gain of the token rather than asking if it fundamentally solves the difficult problem of large-scale, decentralized governance.

In my humble opinion, governance tokens in the way most projects do them do not solve the governance problem in a satisfactory way.

“For anyone wondering if they should pull the trigger on an open audit, they absolutely should.”

What DeFi project name do you wish you’d thought of first?

Alchemix.

What do you geek out about, beyond DeFi?

Electronics and music.

Is there anything else you want to make sure we include?

Our V1 had a critical bug in it that resulted in user funds being irretrievably locked. We used 96% of our dev treasury to pay back the lost funds. We then set to work to build a more robust and secure V2. This is where we came to Code4rena, to get a strong audit from some of the best security researchers in DeFi.

For anyone wondering if they should pull the trigger on an open audit, they absolutely should. It’s worth the price to save the heartache and expense of finding avoidable bugs after it’s too late.

Learn more about Malt Protocol:

Malt Protocol’s $80K security audit contest opens November 25, 2021, and runs for 7 days. Details at code4rena.com.

The Ones in the Arena spotlights emerging and established DeFi projects and their founders, with an eye to celebrating and learning from them. The series’ name is inspired in part by Teddy Roosevelt’s famous quote, which has a central place in Code4rena’s philosophy.
