If you used Primitive between January and March 2021, you must reset your approvals to prevent loss of funds. Click here to reset them!
Risks of Using Primitive Finance
There are smart contract and economic risks in every interaction with the protocol.
Incidents
On February 21, 2021, Primitive's UniswapConnector smart contract was identified to have a vulnerability that exposed wallets which approved the contract. If you used the Primitive app between January and February of 2021, please reset your approvals for the vulnerable smart contract by clicking the button below:
Admin Keys
The Primitive V1 Option token contract has no admin functions. Every Externally Owned Account and smart contract has the same permission status. The core Option token contract cannot be paused or changed.
The Primitive Option Factory contract has an admin-controlled function to pause FUTURE deployments of Options. This will only be in the first Option Factory contract, and will be removed after the contracts have been battle-tested for several months. The factory has no control over Options which have already been deployed.
The Primitive Router contract has an admin-controlled function to pause the Primitive Router contract. This does not pause the functionality of the protocol; it only prevents "UX" functions from being executed. A "UX" function is a multi-step operation that is bundled into a single transaction to save the user gas costs. Pausing the router will only inconvenience users, not prevent them from using the protocol entirely.
Security Audit
Primitive's core contracts have been audited: Phase 1 Audit.
Audits do not guarantee security of the contracts. The contracts should never be considered 100% secure.
Development Cycle
Contracts are first designed and implemented as prototypes. These prototypes will never see mainnet.
After the prototyping stage, the contracts are upgraded with improvements and deployed to a testnet. Contracts will live on testnet, and be redeployed there, prior to being sent for audit.
The code is then frozen and the contracts are sent to auditors. After the auditors have taken several weeks to review them, they will recommend changes which are then implemented by the core Primitive developers.
After the audit changes have been implemented, the core Primitive team reviews the overall security and preparedness for maintaining the production contracts. Once the team has decided that the contracts are ready, they are deployed to mainnet.
Liquidity Provision Risks
Please visit our guide for providing liquidity to the Primitive protocol: Liquidity Providers Guide. Options are volatile instruments, which means losses can accrue more quickly when they are provided as liquidity to Automated Market Makers, such as Uniswap.
Non-Standard ERC-20 Risks
The Primitive V1 Option uses a novel accounting method for tracking its internal balances. Non-standard ERC-20 token implementations with rebase functions (YAM, AMPL, etc.) alter balances, which could break the core internal accounting methods. Rebasing tokens have not been verified as a secure asset to use as an underlying token in a Primitive V1 Option.
ERC-20 tokens which have fees taken out on transfer (deflationary) can alter balances, which could break the internal accounting methods of the Primitive V1 Option.
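The following is an added example, not Primitive's contract code: a simplified Python model of a contract that caches its token balance, showing how the rebasing and fee-on-transfer tokens described above leave the cached figure higher than what the contract really holds. The `Token` and `Vault` classes, the `"vault"` and `"alice"` holders, and all amounts are constructed for illustration.

```python
# Constructed model (not Primitive's code): cached accounting vs. non-standard tokens.
class Token:
    """ERC-20-like ledger; fee_bps models a transfer fee, rebase() a supply change."""
    def __init__(self, fee_bps=0):
        self.units = {}             # holder -> internal units
        self.num, self.den = 1, 1   # rebase multiplier applied when reading
        self.fee_bps = fee_bps

    def balance_of(self, who):
        return self.units.get(who, 0) * self.num // self.den

    def mint(self, who, amount):
        self.units[who] = self.units.get(who, 0) + amount * self.den // self.num

    def transfer(self, src, dst, amount):
        units = amount * self.den // self.num
        if self.units.get(src, 0) < units:
            raise ValueError("insufficient balance")
        fee = units * self.fee_bps // 10_000    # burned in transit
        self.units[src] -= units
        self.units[dst] = self.units.get(dst, 0) + units - fee

    def rebase(self, num, den):
        self.num, self.den = self.num * num, self.den * den

class Vault:
    """Hypothetical contract that tracks deposits in an internal counter."""
    def __init__(self, token, measure_delta=False):
        self.token, self.cached, self.measure_delta = token, 0, measure_delta

    def deposit(self, user, amount):
        before = self.token.balance_of("vault")
        self.token.transfer(user, "vault", amount)
        received = self.token.balance_of("vault") - before
        # Weak form trusts the nominal amount; hardened form credits what arrived.
        self.cached += received if self.measure_delta else amount

    def shortfall(self):
        """Units the vault believes it holds but does not (0 means in sync)."""
        return max(0, self.cached - self.token.balance_of("vault"))

def shortfall_after(token, measure_delta=False, rebase=None):
    """Deposit 1000 units, optionally rebase by (num, den), return the shortfall."""
    token.mint("alice", 1_000)
    vault = Vault(token, measure_delta)
    vault.deposit("alice", 1_000)
    if rebase:
        token.rebase(*rebase)
    return vault.shortfall()
```

In this model, measuring the received amount removes the fee-on-transfer gap, but a negative rebase after the deposit still leaves the cached balance above the real one.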
Some ERC-20 implementations do not return true or false, or any data, after a transfer method has been completed. The Primitive V1 Option has safety mechanisms (OpenZeppelin's SafeERC20 Library) in place to guard against any side-effects of this non-standard ERC-20 function.