What are the risks of Stacking STX using Stacking DAO?

Stacking DAO allows liquidity providers to generate STX yield. Yield is generated through taking risk. The aim of this section is to give an overview of risks associated with depositing STX in Stacking DAO.

1. Smart contract risk

When a user deposits STX, the STX is held in the StackingDAO reserve contract and locked in Stacks consensus from there. STX that's locked in Stacks consensus is no longer available for withdrawal.

Hence, STX that's locked in Stacks consensus cannot be accessed during a hypothetical exploit. This makes StackingDAO more secure than other smart-contract-based DeFi applications that have funds available for withdrawal at all times (e.g. AMMs or lending protocols).

STX is only held in the Stacking DAO reserve contract when:

  • STX is waiting to be stacked in the next cycle

  • STX is pending withdrawal for this cycle

  • STX rewards have been added to the contracts (after swapping rewarded BTC->STX)

All other STX is locked in PoX and can't be withdrawn in the event of an exploit.

Security is of utmost importance for any protocol in DeFi and for Stacking DAO this is no different.

  • Stacking DAO has been audited multiple times (4 audits in total as of May 2024), by both bounty-winning white hat hackers and reputable auditing firms. An example of an audit report can be found here.

  • Stacking DAO runs a bug bounty program with Immunefi to discover any potential bug with the help of white hat hackers, see here.

  • No single person or entity ever takes custody of STX deposits at any point in time. STX deposits are deposited in a decentralised reserve contract (SP4SZE494VC2YC5JYG7AYFQ44F5Q4PYV7DVMDPBG.reserve-v1) and those STX tokens can be delegated to stacking pools throughout the ecosystem (see https://app.stackingdao.com/analytics), after which they are stacked in pox-4.

  • Certain contracts, such as the stacking pools, are upgradeable, since they need to be able to support upgrades in Stacks consensus (Proof-of-Transfer upgrades). In order to do a stacking pool upgrade, the STX tokens are returned to the reserve-v1 contract from the Stacks consensus pox contract. This allows stacking pools to be upgraded, but it doesn't allow any single actor to remove funds.

2. Proof-of-Transfer (PoX) risk

Stacking DAO locks STX in Proof-of-Transfer to generate stacking yield. Funds would be at risk from potential issues in Proof-of-Transfer, the consensus mechanism of the Stacks blockchain. Since the Stacks launch in January 2021, no such issues have occurred.

3. BTC rewards swaps

This risk only applies to the Stacking rewards (i.e. the APY of the protocol), not the locked STX.

BTC rewards from stacking STX are directed to a BTC address managed by Stacking DAO. Each cycle, the BTC is swapped to STX and deposited into the Stacking DAO reserve contract. To swap BTC rewards into STX, Stacking DAO relies on external swap services that could have issues outside of Stacking DAO's control. Stacking DAO is looking at ways to automate the BTC->STX swap in the future.

4. Stacks 51% attack

For completeness, funds are at risk if the Stacks blockchain were to get exploited.
