Security

Impeccable security

Audits

Over the past year, we have undergone three comprehensive audits. Two of these audits were for our GLP vaults, a product which is now deprecated but had much of its code reused for our new GM Vaults. In line with our commitment to security, the GM Vaults underwent thorough internal audits, supplemented by external audits with renowned firms like Guardian, which spent 11 months auditing GMX v2.

Our multi-layered security approach includes multi-signature wallets, time-locks for significant protocol changes, and continuous monitoring to preemptively identify and address potential vulnerabilities.

Additionally, in the past year we have added two senior auditors to our team, who regularly review the code of our current product and work on the code before the release of any product.

Importantly, we have never experienced any hacks.

Umami has integrated Chainlink Data Streams on the Arbitrum mainnet to enhance the security and precision of our GM Vaults. This integration uses Chainlink’s low-latency oracle solution, providing high-frequency market data that ensures accurate and timely trading operations.

Key Benefits

  • Sub-second Price Resolutions: Delivering data in sub-second timings for efficient transactions.

  • Frontrunning Protection: Using secure data sources and a commit-and-reveal scheme to prevent price manipulation.

  • Proven Infrastructure: Chainlink has facilitated over $9 trillion in on-chain transaction volume, supporting top DeFi applications with reliable data.

Data Streams Integrated

The integration includes ETH/USD, LTC/USD, DOGE/USD, BTC/USD, ARB/USD, and XRP/USD data streams, chosen for their reliability and premium data delivery.

Permissioned Vault Functions

The Umami vaults are able to provide top-tier yield, differentiated from typical lending products, using a combination of off-chain and on-chain verification logic. The off-chain component runs a model that finds the next optimal weights for the strategy, including the next allocations to the GM markets and the external hedges that need to be opened.

To combine the off-chain and on-chain parts of the strategy, the Umami Vaults use a tiered security approach, ensuring that funds cannot be withdrawn without proper authorization and verification. There are 3 unique roles with different permissions:

Rebalance Keeper

This role is responsible for rebalancing the vaults periodically to maintain optimal exposure to the market. This is needed to keep the vaults balanced at the correct delta as market conditions change. Parameters are generated off-chain using financial models; this account then submits the new weights and hedge configuration to the vaults, where they are validated on-chain. This validation is important as it prevents any possible misconfiguration.

This role does not have any control over the funds leaving the vaults other than what is designed and verified by the strategy.

Deposit/Withdrawal Keeper

This role, which is responsible for signing deposits and withdrawals into the vaults, is used as part of our integration with Chainlink Data Streams. The responsibility of this account is to fetch the current Chainlink signed price and submit it at the time of deposit or withdrawal. This is needed to accurately quote the current price of the assets in the vault and ensure the safety of users' deposits. This is identical to the way that GMX quotes orders and liquidity provision on the GMX platform.

This role does not have any control over the funds leaving the vaults other than what is designed to facilitate deposits and withdrawals at a user's request. It is only responsible for submitting a signed price from Chainlink, which is then verified on-chain.

Admin Multi-sig

The Admin Multisig is a 3-of-6 multisig and can execute routine upgrades, maintenance and configuration of the strategy. It can also pause the vaults' functionality in emergency situations.

It has the ability to do the following:

  • Grant/Revoke keeper roles from accounts.

  • Update strategy configuration for the vaults, including strategy tolerances, swap tolerances, vault fees and strategy weights for GMI.

  • Pause the vaults in emergency situations.

  • Upgrade the core logic for the vaults.

The Pauser Multisig

The Pauser Multisig is a 1-of-6 multisig that can also pause the vaults' functionality in emergency situations, but holds no other powers.
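
The role separation described in this section can be exercised as a small least-privilege model. This is an added example, not Umami's contract code: the action names, the `VaultAccessModel` class, the sample accounts and the rule that a pause blocks keeper calls are assumptions, while the 3-of-6 and 1-of-6 thresholds come from the text above.

```python
# Added illustration: action names and this class are hypothetical, not Umami's contracts.
ROLE_ACTIONS = {
    "rebalance_keeper": {"submit_rebalance"},
    "deposit_withdrawal_keeper": {"submit_signed_price"},
    "admin_multisig": {"grant_role", "revoke_role", "update_config", "pause", "upgrade"},
    "pauser_multisig": {"pause"},
}
# Thresholds as stated on the page: (required approvals, total owners).
MULTISIG = {"admin_multisig": (3, 6), "pauser_multisig": (1, 6)}


class VaultAccessModel:
    def __init__(self, owners, keepers):
        for role, (_, total) in MULTISIG.items():
            if len(set(owners[role])) != total:
                raise ValueError(f"{role} must have {total} distinct owners")
        self.owners = {r: set(o) for r, o in owners.items()}
        self.keepers = {r: set(k) for r, k in keepers.items()}
        self.paused = False

    def _approved(self, role, signers):
        distinct = set(signers)  # a repeated signature counts once
        if role in MULTISIG:
            return len(distinct & self.owners[role]) >= MULTISIG[role][0]
        return len(distinct) == 1 and distinct <= self.keepers.get(role, set())

    def execute(self, role, action, signers, target=None, account=None):
        if action not in ROLE_ACTIONS.get(role, set()):
            return "denied: action outside role"
        if not self._approved(role, signers):
            return "denied: insufficient approval"
        if self.paused and role not in MULTISIG:
            return "denied: vault paused"  # assumption: pause blocks keeper calls
        if action == "pause":
            self.paused = True
        elif action == "grant_role":
            self.keepers.setdefault(target, set()).add(account)
        elif action == "revoke_role":
            self.keepers.get(target, set()).discard(account)
        return "ok"


def build_sample_vault():
    # Constructed accounts: a0..a5 own the admin multisig, p0..p5 the pauser multisig.
    owners = {"admin_multisig": [f"a{i}" for i in range(6)],
              "pauser_multisig": [f"p{i}" for i in range(6)]}
    keepers = {"rebalance_keeper": ["rk"], "deposit_withdrawal_keeper": ["dk"]}
    return VaultAccessModel(owners, keepers)
```

Running the same checks against a real deployment's role configuration is a quick way to confirm that no keeper key can reach pause, upgrade or role-management actions.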
