We’re fully open-source, meaning that all of our Smart Contracts are publicly visible for maximum transparency.
Our contracts are verified on the AVAX Explorer; what you see is what you get.
Security Best Practices:
All of our contracts are behind a 24-hour time-lock to give our Penguins peace of mind. This means any change will go into effect the day after it's been pushed.
Our team is anonymous to the public (identities shared with core team members @ Ava Labs) to ensure that no one can use personal information to potentially compromise the security of the project.
Furthermore, we employ certified cyber security consultants with experience in working in Cyber Security Operations Center. This enables us to take a more proactive approach to cyber security:
Threat Intelligence Gathering:
We gather threat intelligence from DeFi breaches to make sure that our contracts are not vulnerable to the same exploits.
Our consultants closely follow the latest trends in the cyberspace ensuring that we can react quickly to emerging threats.
We run our own vulnerability assessment program. This means that our web application is regularly assessed for known and new vulnerabilities.
In September 2021, our team completed a thorough internal review of our web application. The review identified 2 vulnerabilities - 1 medium (ClickJacking) and 1 low (data leakage). These vulnerabilities have been fixed.