1/x Guide to partially protecting yourself when staking in new or untested farming contracts. Full version with pictures here (https://gist.github.com/Spreek/0e403ea9a3cb3d11ee778e8823a8f464)
2/x I am not a security expert, and this is nowhere near a substitute for a real professional audit; even following all of these steps, you are at extreme risk whenever touching one of these pools. Do not put more than you can lose into any ETH smart contract.
3/x The first important thing you need to do is find the contract you will actually be interacting with. Sometimes this is easier than other times. Often the best technique is to find the token you will be farming on etherscan, then look at its top holders: the staking contract is usually among them.
4/x Once you find the contract address on etherscan, you want to click on "Contract" and then look at the verified source code. What I usually do is use https://www.diffchecker.com/diff to compare it with the most similar "tested" contract (e.g. from SNX, YFI, YAM, etc.).
5/x What is usually ok to see: variable name changes, date/timing/supply changes, token contract address changes. What you don't want to see: upgradable contracts, a lot of new complicated logic, weird changes that you can't understand the purpose of, etc.
6/x Ok, so the contract looks good, so I can just head over to the website and throw in my life savings, right? WRONG. Regardless of the contract, we must keep in mind that a frontend can change which contract address your wallet's transactions are sent to at any time, without the on-chain code changing at all.
7/x An unscrupulous dev could even randomize this, or specifically target high-value accounts connecting to his website, to reduce the chances of others calling the alarm. This frontend attack is obvious, extremely easy to execute, and really only a matter of time before it is done.
8/x You have two options to protect yourself: 1) check the "to" address of each and every transaction the frontend asks your wallet to sign and make sure it matches the contract address whose code you already reviewed, 2) do all contract interactions manually from etherscan.
9/x You can find a guide to interacting directly with Synthetix-style staking contracts on the github link.
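Option 1 can be automated: the wrapper below (an added example, not from the original thread or the gist) sits between a dapp and an EIP-1193 wallet provider such as window.ethereum and refuses to forward any spending request whose "to" address is not on the allowlist you filled in after reading the code on etherscan. The addresses in the comments and tests are constructed placeholders.

```javascript
// Methods that spend or commit funds; read-only calls (eth_call, eth_chainId, ...) pass through.
const SPENDING_METHODS = new Set(["eth_sendTransaction", "eth_signTransaction"]);

// Lower-case a 20-byte hex address, or return null if it is not one.
function normalize(addr) {
  if (typeof addr !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(addr)) return null;
  return addr.toLowerCase();
}

// Decide whether one JSON-RPC request may reach the wallet.
// allowlist: Set of lower-case addresses you reviewed on etherscan (constructed here).
// Returns { ok: true } or { ok: false, reason }.
function checkRequest(method, params, allowlist) {
  if (!SPENDING_METHODS.has(method)) return { ok: true };
  const tx = Array.isArray(params) ? params[0] : undefined;
  if (!tx || typeof tx !== "object") {
    return { ok: false, reason: "malformed transaction object" };
  }
  const to = normalize(tx.to);
  if (to === null) {
    // No "to" means contract creation (or a garbled address); a farming
    // frontend should never ask for that, so treat it as hostile.
    return { ok: false, reason: "missing or invalid 'to' address" };
  }
  if (!allowlist.has(to)) {
    return { ok: false, reason: `transaction targets unexpected contract ${tx.to}` };
  }
  return { ok: true };
}

// Wrap a provider so that every request() is screened first. The wrapper
// inherits the provider's other members (on, removeListener, ...) via the
// prototype chain and only overrides request().
function makeGuardedProvider(provider, allowedAddresses) {
  const allowlist = new Set(allowedAddresses.map(normalize).filter(Boolean));
  const guarded = Object.create(provider);
  guarded.request = async function ({ method, params }) {
    const verdict = checkRequest(method, params, allowlist);
    if (!verdict.ok) throw new Error(`blocked ${method}: ${verdict.reason}`);
    return provider.request({ method, params });
  };
  return guarded;
}
```

In a browser you would pass window.ethereum and the reviewed staking and token addresses to makeGuardedProvider and hand the result to the dapp's web3 library instead of the raw provider; a blocked request throws before the wallet ever shows a confirmation.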
10/x People who know more than me, please let me know if there's anything important I missed or left off. Again to reiterate, even following all of these steps, participating in these contracts is EXTREMELY risky and you should not invest more than you can lose.