What are Admin Keys? (Ultimate DeFi Risk in 2022)
Admin Keys are a form of centralized control in a crypto or DeFi project which allows the developers or founders to change the rules of their smart contract or blockchain. In effect, admin keys present serious counterparty risk which threatens the security of your digital assets.
Imagine this. You’re down at your local bank branch signing up for a new account and something in one of the forms catches your eye. You look at it more closely and are shocked by what you see. In the fine print, hidden amongst the terms and conditions, reads “The bank reserves the right to change your account balance at any time.”
You ask the teller to check if it means what you think it means. They confirm that it’s exactly what it sounds like — the bank can simply zero out your account if they ever feel like it. Would you sign up for that account? No way!
But guess what, that’s essentially how many crypto projects operate — with ‘god mode’ admin keys that can be used to invalidate your coins and change your account balance at any time.
As even no-coiners know, the crypto space is famous for scams and rugpulls, and the way these rugpulls are often carried out is by developers using their admin keys to effectively steal from their users. So, if you’re researching a project and learn that the developers have admin keys, you should think very long and hard before investing in it. By the way, you might not be surprised to learn that almost all meme coins have admin keys. Do with that knowledge what you will.
Where DAOs fall down
So if a project doesn’t have admin keys, then you’re safe from being rugged, right?
If you’ve never heard of a DAO, it stands for Decentralized Autonomous Organization. The way most DAOs work is that holders of a particular ‘governance’ token have the right to vote on decisions that will affect the protocol — and because anyone can buy and hold the token, it’s ‘decentralized’. At least that’s the idea.
In reality, developers will often hold a huge majority of the DAO token, meaning they retain all the power to make decisions on everything from liquidity to the procotol’s APY and more.
Many well-known protocols advertise as having no admin keys, which is true for parts of their project, but conveniently neglect to mention that the developers still have a ton of control to shift the goalposts whenever they want. In essence, they’re not truly decentralized at all.
We’ve done some digging on the top DeFi yield protocols and whether they’re governed through a DAO or not.
🚩 Aave (Multichain) — Governance via DAO 🚩
🚩 Compound (Ethereum) — Governance via DAO 🚩
🚩 Curve (Multichain) — Governance via DAO 🚩
🚩 MakerDao (Ethereum) — Governance via DAO 🚩
🚩 Uniswap (Ethereum) — Governance via DAO 🚩
🚩 Colony (Avalanche) — Governance via DAO 🚩
✅ HEX (Soon to be multichain) — No admin keys, no governance (AKA true DeFi) ✅
✅ Liquid Loans (PulseChain) — No admin keys, no governance (AKA true DeFi)✅
Admin keys and ‘immutable’ are mutually exclusive
If you want to check whether a project has admin keys, a good place to start is by searching the code for the word “ownable”. If it’s there, then the project has admin keys and the protocol is not immutable. Another thing you can do is search the contract for the word “address”. If present, you can check to see if the address is hard-coded, and if it is, what that address is being used for — it could be the address of another contract, or it could be being used as an admin key.
It pays to note, though, that immutability is a double edged sword. If a bug is found in code that is not immutable, then developers can simply go in and fix the bug. But if the code is immutable (and therefore locked), there’s nothing that can be done — other than redeploying the protocol and telling all existing users to stop using the buggy version, a highly undesirable outcome.
Basically, immutable code has to be PERFECT, which is why Liquid Loans has spent a huge amount of time and effort making sure that our code is absolutely as robust as possible.
Custodial VS Non-custodial
You’ve probably heard the phrase ‘Not your keys, not your coins’. If not, it’s fairly self-explanatory! When you keep your crypto on an exchange or give it to a centralized yield platform, you are quite literally giving up custody of your crypto. Does this mean you will definitely lose your money? Of course not, but the risk is always there, and crypto exchanges are hacked frequently.
Liquid Loans takes more of a purist approach to DeFi, with no admin keys, no governance and code that is completely immutable. This is why we often say Liquid Loans is true DeFi.
Before deployment, Liquid Loans will be professionally third-party audited and the full report will be made publicly available. In the meantime, learn more about Liquid Loans here.
Disclaimer: Please note that nothing on this website constitutes financial advice. Whilst every effort has been made to ensure that the information provided on this website is accurate, individuals must not rely on this information to make a financial or investment decision. Before making any decision, we strongly recommend you consult a qualified professional who should take into account your specific investment objectives, financial situation and individual needs.