Detailed Instructions

Begin by examining the protocol's smart contract code for vulnerabilities. This is the most critical technical risk. Use automated tools and manual review to check for common flaws like reentrancy, integer overflows, and access control issues.

• Sub-step 1: Source Verification: Verify all contract source code on Etherscan (e.g., for a contract at 0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D). Ensure it matches the official repository.
• Sub-step 2: Automated Scanning: Run tools like Slither or MythX on the codebase. Look for high-severity findings.
• Sub-step 3: Manual Code Review: Focus on core liquidity pool and reward distribution logic. Check for admin keys or upgradeability that could pose centralization risks.

solidityCopy
// Example check for a common vulnerability: missing zero-address validation
function setRewardDistributor(address _distributor) external onlyOwner {
    require(_distributor != address(0), "Invalid address"); // This check is crucial
    rewardDistributor = _distributor;
}

Tip: Prioritize audits from reputable firms like Trail of Bits or OpenZeppelin. An unaudited protocol should be considered extremely high risk.

Detailed Instructions

Analyze the token emission schedule and incentive alignment. High, unsustainable APYs are often a red flag for a Ponzi-like structure. Calculate the real yield source: is it from trading fees, lending interest, or newly minted tokens?

• Sub-step 1: APY Decomposition: Break down the advertised APY (e.g., 500%). Determine what percentage comes from fundamental fees versus inflationary token emissions.
• Sub-step 2: Token Supply & Vesting: Review the token's total supply, circulating supply, and vesting schedules for team and investors. A large, unlocked portion poses a sell-pressure risk.
• Sub-step 3: Incentive Longevity: Model how long the liquidity mining rewards can last given current emission rates and TVL. Use the formula: Reward Pool Balance / Daily Emissions = Days Remaining.

Tip: A protocol where over 80% of the yield comes from its own token emissions is likely unsustainable. Look for protocols where core fees generate the majority of the yield.

Detailed Instructions

Impermanent Loss (IL) and liquidity depth are paramount. Evaluate the pools you will deposit into. High volatility between paired assets increases IL risk. Shallow liquidity leads to high slippage and vulnerability to market manipulation.

• Sub-step 1: Pool Composition Analysis: On a DEX like Uniswap V3, inspect the pool (e.g., ETH/USDC). Check the price range of concentrated positions and the distribution of liquidity.
• Sub-step 2: Calculate IL Scenarios: Use an impermanent loss calculator. For a 50/50 ETH/USDC pool, a 100% price change in ETH can result in approximately 20% IL compared to holding.
• Sub-step 3: Check Total Value Locked (TVL) Trend: Use DeFiLlama. A rapidly declining TVL signals user exit. Also, check if a single pool dominates the TVL, creating concentration risk.

javascriptCopy
// Simple Impermanent Loss Calculation for a 50/50 pool
function calculateIL(priceChangeRatio) {
    // priceChangeRatio = newPrice / originalPrice
    return 2 * Math.sqrt(priceChangeRatio) / (1 + priceChangeRatio) - 1;
}
// Example: ETH doubles in price (ratio=2)
let il = calculateIL(2); // Result: -0.057 or -5.7%

Tip: Prefer pools with correlated assets (e.g., stablecoin pairs) to minimize IL, but be aware of depeg risks.

Detailed Instructions

No protocol exists in isolation. Oracle dependencies and composability risks can lead to cascading failures. The protocol may rely on price feeds from Chainlink or oracles built into other protocols like Aave.

• Sub-step 1: Map Oracle Dependencies: Identify every external price feed used. Check its update frequency and the number of reporters. A command to check a Chainlink price feed on Ethereum: cast call 0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419 "latestAnswer()".
• Sub-step 2: Analyze Governance and Admin Controls: Determine who holds admin keys or governance power. Can they upgrade contracts, change fees, or withdraw funds? A multisig with a 4/7 threshold is safer than a single EOA.
• Sub-step 3: Assess Integrations: List all other protocols the target integrates with (e.g., using Curve LP tokens as collateral on Compound). The failure of any integrated protocol poses a direct threat.

Tip: A protocol with delayed or manipulable oracle data is at high risk of flash loan attacks. Always verify the security of the underlying data layer.

Detailed Instructions

Private key management and transaction simulation are under your control. Even a secure protocol can be compromised by user error. This step focuses on actionable defenses for the individual farmer.

• Sub-step 1: Use a Hardware Wallet: Never interact with DeFi protocols from an exchange or a browser-based hot wallet. Use a Ledger or Trezor.
• Sub-step 2: Simulate Transactions: Before signing any approval or deposit tx, simulate it using Tenderly or a local fork. Check for unexpected contract interactions.
• Sub-step 3: Set Up Alerts and Limits: Use tools like DeBank or Zapper to monitor your portfolio health. Set price alerts for your farmed tokens and define a stop-loss threshold (e.g., exit if token price drops 25%).

bashCopy
# Example: Simulating a transaction with Foundry's cast
cast call <contract_address> \
  "deposit(uint256)" <amount_in_wei> \
  --rpc-url $RPC_URL \
  --from <your_address>

Tip: Always revoke unnecessary token approvals regularly using a tool like revoke.cash. An old, unused approval is a persistent security risk.