Smart Contracts

This page explains the various security risks inherent to smart contracts and the web in general.

Smart contracts

All Nested smart contract addresses are listed in the following subpages of the documentation. For instance, you can find the Ethereum Nested smart contracts here: Ethereum

Smart contract failures - bugs

Nested smart contracts were audited.

However, security audits do NOT eliminate risks completely. Please don’t supply your life savings – or assets you cannot afford to lose – to Nested.

Smart contract upgrades - Admin Keys

The Nested protocol is decentralized.

However, the engineers ensuring maintenance are able to pause and unpause the smart contracts at will in case of a major issue.

Smart contracts CAN be upgraded with a timelock, which leaves ample time for the community to review changes.

Some functions of the protocol are privileged, and can be called by the technical team doing maintenance.

Nested will be transitioning to a DAO to be fully decentralized as soon as possible.

We are securing smart contract access with multi-signature wallets.

Smart contract attacks

The smart contracts involved in the Nested protocol have been battle-tested on code4rena (1st public contest & 2nd public contest), which has the reputation of gathering some of the best white hat hackers.

All major issues raised during the audit have been fixed.

There is no guarantee that smart contracts are flawless though – no system is entirely unbreakable.

Third parties

The Nested protocol greatly benefits from DeFi composability. Some protocols external to Nested are used to provide financial services to users. These include, but are not limited to, 0x and Paraswap, as well as all underlying protocols used by the ones listed.

Network attacks

Network failure & attack

Nested is a multichain protocol. There are inherent risks in using any of the supported blockchains, e.g. 51% attacks, network downtime, etc.

Front Running & liquidity issues

On EVM-compatible (Ethereum-like) networks, users compete to have their transactions validated first. Often, bots try to front-run users to extract value. Nested protects users by allowing them to set the slippage (price tolerance) in all transactions.

💡 Users are responsible for setting the slippage appropriately to protect themselves from front-running and sandwich attacks.
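
As an added illustration (not Nested's code), the JavaScript sketch below shows how a slippage tolerance becomes a minimum-output check, and what happens when another trade is included before the user's. The constant-product pool with a 0.30% fee, the function names and all numbers are assumptions constructed for this example.

```javascript
// Added illustration: constructed numbers, simplified pool model (assumption).
const BPS = 10_000n;

// Output of swapping amountIn into a pool with reserves (reserveIn, reserveOut),
// using x * y = k with a 0.30% fee and integer math, as on-chain code would.
function quoteOut(amountIn, reserveIn, reserveOut) {
  const inAfterFee = amountIn * 997n;
  return (inAfterFee * reserveOut) / (reserveIn * 1000n + inAfterFee);
}

// Minimum output the user accepts for a tolerance given in basis points.
function minOutFor(quotedOut, slippageBps) {
  if (slippageBps < 0n || slippageBps > BPS) {
    throw new RangeError("slippage must be between 0 and 10000 bps");
  }
  return (quotedOut * (BPS - slippageBps)) / BPS;
}

// Runs the swap against the pool state at inclusion time and reverts when
// the output is below minOut, which is how a slippage check behaves.
function executeSwap(pool, amountIn, minOut) {
  const out = quoteOut(amountIn, pool.reserveIn, pool.reserveOut);
  if (out < minOut) return { status: "reverted", out: 0n };
  pool.reserveIn += amountIn;
  pool.reserveOut -= out;
  return { status: "executed", out };
}

// Constructed scenario: the user quotes against one pool state, but a larger
// trade in the same direction is included first and moves the price.
function scenario(slippageBps) {
  const pool = { reserveIn: 1_000_000n, reserveOut: 1_000_000n };
  const userIn = 10_000n;
  const quoted = quoteOut(userIn, pool.reserveIn, pool.reserveOut);
  const minOut = minOutFor(quoted, slippageBps);
  executeSwap(pool, 50_000n, 0n); // earlier transaction moves the price
  return { quoted, minOut, ...executeSwap(pool, userIn, minOut) };
}

console.log(scenario(50n));   // 0.5% tolerance
console.log(scenario(2000n)); // 20% tolerance
```

With the tight tolerance the transaction reverts and the user keeps their tokens; with the loose one it executes at the moved price, roughly 9% below the quote.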

Web app

DNS attack

A DNS attack on our website could allow a hacker to redirect users from Nested to a malicious website.

Nested will never ask any user for private keys, passwords, login information, or seed phrases of any sort. If you were to encounter such behavior from entities claiming to represent us, please block them and notify us immediately.

Stay safe!
