BitGuru has gone through great effort during our audit to improve the quality of their protocol, including a redeploy of the tokens and vault contracts to fix most of the issues we found. This should result in safer V2 contracts then the V1 version.
The protocol is a fork of AutoFarm, which is considered quite safe. The strategy we received is supposed to stake the LP tokens in Quickswap reward contracts.
The main things you want to be looking out for is that when you are depositing into a vault, you are approving and depositing into the Masterchef contract of this audit. Furthermore, you want to double check that the pool ID you are depositing in is a pool with a strategy contract identical to the one we audited.
When staking in this project, the main risks you want to look out for are:
- Ensuring the contract you approve and stake in matches the audited Masterchef contract.
- The pool ID you stake in is linked to a strategy like the one we have audited (the source code should match identically).
- The strategy you deposit into is actually linked to the appropriate QuickSwap rewards contract. This is the farmContractAddress variable on the strategy.
- You trust QuickSwap and their rewards contracts, since you are actually depositing in them through the vault mechanism. As with many staking contracts like the QuickSwap one, there are edge cases that these contracts could break and block withdrawals. That being said, QuickSwap appears to be established in the ecosystem.