TorCash

The TorCash team tries to ambitiously combine the Tornado Cash protocol inside the Masterchef. This effectively allows for deposited funds to generate yield until they are eventually withdrawn.

During our audit, the auditing team found a large degree of severe issues as documented in the report. A large number of these issues have been mitigated to a great extent, but not all of them were resolved, and we recommend investors to carefully go through the audit to form their opinion. Since there were many issues, it was also more difficult for our auditors to be confident that there could not be more.

We recommend the TorCash protocol to carefully reconsider and reimplement their current protocol from the ground up, instead of patching each and every issue separately. We believe that a careful redesign of the protocol could lead to a safer protocol overall.

Potential risks:

• The audit has many issues, most of which were resolved but without a redeployment these were individual patches
• The frontend could spy on your deposit notes. If you don’t trust the team, consider turning on airplane mode while depositing to copy the bytecode of your transaction and the note to actually create the deposit on a second  connected machine. This method should of course be carefully tested with a small amount.
• The native token often quickly goes down in value simply due to the nature of yield farming. Carefully assessing the team and value can help with this risk.