From the technical side of things, the single vault we reviewed for GatorVaults is a simplified compounding vault based on Beefy. The GatorVaults team has gone to great lengths to reduce governance risks and the ways in which funds could get stuck in the vault. They’ve also promised to implement an extremely long timelock, which hasn’t been confirmed yet because the protocol hasn’t launched at the time of this post.
While Beefy vaults contain a few significant governance risks (upgradeability and configurability), this functionality has been taken out of GatorVaults. This means that the Gator vault we reviewed is largely non-custodial and we found no way in which the owner could withdraw the staked tokens.
Note that we’ve only audited a single vault: the VGator vault, which compounds tokens into VGator in the underlying RewardPool. If the project releases new vaults, these are not audited by us. Because the vault we reviewed uses the native token as its single asset, we would also like to note that trusting the team and token is important when entering, as the token can decrease in value rapidly even if the code is perfect.
The main risks you want to look out for are:
- Ensure that the vault address you approve and stake in matches the one from our audit. This can be verified by comparing it against the contracts page in our audit. We’ve only audited one vault, so if you stake in another one, that one might not have been audited (either by us or another audit company).
- The risk of the native token’s value dropping rapidly simply due to the nature of yield farming. Carefully assessing the team, token and project can help with this.