However, security audits do NOT eliminate risks completely. Please don’t supply your life savings – or assets you cannot afford to lose – to Nested.
Smart contract upgrades - Admin Keys
The Nested protocol is decentralized.
However, the engineers insuring maintenance are able to pause and unpause the smart contracts at will in case of a major issue.
Smart contracts CAN be upgraded with a timelock, which leaves ample time for the community to review changes.
Some functions of the protocol are privileged, and can be called by the technical team doing maintenance.
Nested will be transitioning to a DAO to be fully decentralized as soon as possible
We are securing smart contract access with multi-signatures wallets.
Smart contract attacks
The smart contracts involved in the Nested protocol have been battle-tested on code4rena (1st public contest & 2nd public contest), which has the reputation of gathering some of the best white hat hackers.
All major issues raised during the audit have been fixed.
There is no guarantee that smart contracts are flawless though – no system is entirely unbreakable.
The Nested protocol greatly benefits from DeFi composability. Some protocols external to Nested are used to provide financial services to users. It includes, and is not limited to: 0x, Paraswap. It also includes all underlying protocols used by the ones listed.
Network failure & attack
Nested is a multichain protocol. There are inherent risks to using any of the blockchains supported e.g. 51% attack, network downtime etc.
Front Running & liquidity issues
On EVM-compatible (Ethereum-like) networks, users compete to have their transactions validated first. Often, bots try to front-run users to extract value. Nested protects users by allowing them to set the slippage (price tolerance) in all transactions.
💡 Users are responsible to set the slippage accordingly to protect themselves from any front running and sandwich attacks.
A DNS attack on our website could allow a hacker to redirect users from Nested to a malicious website.
Nested will never ask any user for private keys, passwords, login information, or seed phrases of any sort. If you were to encounter such behavior from entities claiming to represent us, please block them and notify us immediately.