Risks
The following are risks that everyone should be aware of before interacting with the protocol. The protocol's design exposes these risks in consequence to its normal operating procedures.
Also see Security & Audits.
Smart contract risk
The protocol runs entirely on public smart contracts explained in detail throughout these docs. The Juicebox protocol is public infrastructure running well-known code, all consequences from interacting with networks running the protocol are borne by the entities who sign each transaction. The protocol works according to the specifications outlined in these docs to the extent the code is written and deployed correctly, which is a collective responsibility and not guaranteed. There is a major risk that this is not the case. Please do your own research.
Project owner risk
Ownership of each project on the Juicebox protocol belongs to the address possessing a JBProjects
NFT with a unique token ID, which also serves as the project's ID. The address that owns this token can reconfigure a project's funding cycles, which empower it to manipulate a project's finances both productively and maliciously.
-
The following values can be reconfigured by a project's owner on a per-funding cycle basis:
Setting a distribution limit and payout splits
With a distribution limit of zero, all treasury funds belong to the community. Token holders can redeem their tokens to reclaim their share of the treasury at any time, according to the current funding cycle's redemption bonding curve rate.
A non-zero distribution limit allocates a portion of the treasury for distribution to payout splits.
A project owner can also change the split allocations that are bound by the funding cycle's distribution limit at any time, unless the split was explicitly locked until a specified date during its creation.
🟢 Used productively this can be used to withdraw funds to a community safe, distribute funds to contributors, channel funds to other projects operating treasuries on the protocol, and more.
🔴 Used maliciously this can be used to rug the entire treasury into an arbitrary wallet.
Setting an overflow allowance
With an overflow allowance of zero, all treasury funds belonging to the community – funds in excess of the distribution limit – cannot be accessed by the project owner. The only way funds can leave the treasury is through token redemptions.
A non-zero overflow allowance gives the project owner access to a portion of the community's funds for on-demand distribution to arbitrary addresses.
🟢 Used productively this can be used to manage discretionary spending.
🔴 Used maliciously this can be used to rug the entire treasury into an arbitrary wallet.
Allowing token minting
While token minting is not allowed, the only way for new project tokens to be minted and distributed is for the project to receive new funds into its treasury. Tokens will get minted in accordance to the current funding cycle's values.
If token minting is allowed, an arbitrary number of tokens can be minted and distributed by the project owner, diluting the redemption value of all outstanding tokens.
🟢 Used productively this can be used to premint tokens to members, or satisfy other agreed upon inflationary treasury strategies.
🔴 Used maliciously this can be used to mint extra tokens and redeem them to reclaim treasury funds into an arbitrary wallet, rugging the entire treasury.
Setting the funding cycle's weight
A funding cycle's weight determines how many tokens will be minted and distributed when a treasury receives funds. By default, a funding cycle has the same weight as the cycle that preceded it after applying the preceding cycle's discount rate.
🟢 Used productively this can be used to manage how tokens are issued over time.
🔴 Used maliciously this can be used to manipulate token issuance, and rug the entire treasury into an arbitrary wallet.
Allowing changing of project tokens
While changing tokens isn't allowed, the current project token will be used to satisfy redemptions and new issuance for the duration of the funding cycle.
If changing tokens is allowed, a new token can replace the role of a previous token for new issuance and redemptions.
🟢 Used productively this can be used to allow projects to augment a previous token strategy with a Juicebox treasury, detach a token from a Juicebox treasury, or create custom token mechanisms associated with its Juicebox treasury.
🔴 Used maliciously this can be used to cut off a community of token holders from their treasury while using the redemption of a new token to reclaim treasury funds into an arbitrary wallet.
Pause payments, pause distributions, pause redemptions, pause burn