🧐Is RissottoFinance Safe?

We know what you are thinking.

If you are new to the world of DeFi, the word Scam comes to mind. We understand. We welcome the tough questions.

Walking out of the cocoon of a world controlled by centralized powers isn't easy.

And if you aren't new, then phrase "Rug Pull" will probably send shivers down your spine. To be sure, we, at rissot.to have coded our contracts in such a way that we are totally incapable of a rug-pull without getting toasted ourselves.

How Do We Mitigate Rug Pulls?

When building RissottoFinance, we did take a fork of PancakeSwap (which is a fork of SushiSwap). That being said, the one piece of code that was in SushiSwap’s MasterChef that was potentially dangerous was the Migrator function. This function allowed SushiSwap to autonomously migrate liquidity pools. In the days of SushiSwap, this function was absolutely necessary as they were a vampire protocol of Uniswap which required them to tap on Uniswap’s existing pools to build a base of users, after which migrating them over to SushiSwap’s own LPs. From then up until now, that piece of code still exists in SushiSwap’s MasterChef smart contract.

This is SushiSwap’s migrate function found in their MasterChef smart contract.

But do we need it?


And here’s why. When PancakeSwap forked SushiSwap’s MasterChef, they did not remove the migrate function. And just as at Friday 23 April 2021, PancakeSwap performed an upgrade on their Smart Contracts - without utilizing the migrate function.

Here is PancakeSwap’s migrate function. Pretty much the same as SushiSwap’s.

Their rationale was simple. They were afraid that if they were to utilize the migrate function that it would cause more problems as they would be unsure if it would migrate as intended without a hitch. We believe they left it in there as an emergency, more so than a sinister backdoor.

As such, when RissottoFinance forked from PancakeSwap, we made sure that we did away with the migrate function so as to give our users the confidence that we do not intend to steal assets that does not belong to us since our intention is to be around for long.

In addition to that, we will be utilizing a timelock to lock both our token’s smart contract (to prevent random minting of RSOT) as well as MasterChef (to prevent randomly changing deposit fee parameters, block rewards, etc.). The timelock will be 24 hours.

As with all things DeFi, these are most certainly not the only ways in which you could potentially lose your money. With Rissot.to or even other platforms, do your own due diligence and put your assets where you feel comfortable

RugPull Migrator Code : The migrator code has been removed from the MasterChef contract. There is no way for RissottoFinance to do a RugPull. Your funds are always safe. We made a decision to do this to give investors and the community confidence in our project.

Also, to ensure the protocol's transparency, we relentlessly pursue CertiK/Paladin audits in all of our product smart contracts.

Check it out for yourself:

  • Check out these rissot.to security audits:

    • Certik’s security audit of rissot.to and Certik's Shield insurance

    • Other Audits

  • Transparent:

    • We’re built on open-source software: our site and all our Smart Contracts are publicly visible for maximum transparency.

    • Our contracts are verified on BscScan, you are most welcome to run it through your own standards. We are constantly evolving but we welcome feedback!

  • Security best practices:

    • The chefs use multisig for all contracts.

    • Our contracts’ time-locks give you peace of mind.

Last updated