# Security

Our team at [Eleven Finance](https://eleven.finance/) take security very seriously. Admittedly, we have been suffered in the past, when our platform was unaudited, [however all funds from this exploit were recovered](https://elevenfinance.medium.com/eleven-finance-a-plan-for-the-return-of-funds-recovered-from-the-nerve-vault-exploit-39a006af20d3). Fortunately, we have came a long way since. We are more determined than ever to make sure user's funds are 100% secure.

That's why Eleven Finance was audited **twice** by two different security teams. All of our vaults, our lending protocol and the leveraged yield farming were *all audited*. We fixed every risk found in the audit before deploying our lending & leveraged yield farming protocol to ensure maximum security.

To further ensure that funds deposited in our vaults are secure, we only list trusted farms on our website. We also charge a 0.1% security [withdrawal fee](broken://pages/-MiSAXViNFeLc_9XndM1#withdrawal-fee) to **prevent** attackers from profiting from flash loans and draining the funds from our vaults.

## Audits

### **CertiK**

{% embed url="<https://www.certik.org/projects/elevenfinance>" %}

### **Solidity Finance**

{% embed url="<https://solidity.finance/audits/Eleven/>" %}

These are all smart contracts that were **fully audited**:

* addstrat.sol‌ (CertiK)
* bankConfig.sol‌ (CertiK)
* borrow\.sol‌ (CertiK)
* borrowconfig.sol‌ (CertiK)
* eleUSD.sol‌ (CertiK)
* interestmodel.sol‌ (CertiK)
* liqstrat.sol (CertiK)
* addStrat.sol (Solidity Finance)
* bigfoot.sol (Solidity Finance)
* bigfootConfig.sol (Solidity Finance)
* liqStrat.sol (Solidity Finance)
* oracle.sol (Solidity Finance)<br>

## NRV vaults exploit

On June 22nd 2021, a hacker was able to exploit unaudited NRV vaults on Eleven Finance using a flash loan attack. To understand how this exploit was executed in detail, we encourage you to read the [article](https://www.rekt.news/11-rekt/) made by [rekt.news](https://www.rekt.news/) explaining the exploit in detail.

Thankfully, on 30th September 2021, Eleven Finance was able to retrieve **all** exploited funds back from the hacker. This was possible thanks to a great effort by the Peckshield and Binance team. A sincere thank you goes out to both teams.

To read about our previously planned recovery plan of lost funds, click [here](https://elevenfinance.medium.com/eleven-finance-recovery-plan-a3869f8242d0). However note this plan was not executed as funds were returned to users in full.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.eleven.finance/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.