All DeFi protocols, including Scallop, come with risks, which are important to understand before depositing significant amounts of crypto. The main risks involved in using Scallop are outlined here.
Smart Contract Risk
This is a risk that the Scallop smart contracts get exploited to steal or permanently freeze funds. This risk is inherent to all smart contracts and can never be fully eliminated, but can be mitigated in various ways.
Scallop relies on some cross-program invocation to earn the yield, such as Solend and Marinade. There is a risk that these programs got exploited or some unexpected accidents. These risks are inherent to all smart contract invocations.
Scallop relies on Switchboard for their VRF feeds to pick winners. There is a risk that these oracles report incorrect randomness, causing wrongful winners.
Scallop is compatible with a wide range of wallets, including Phantom, Solflare, Math Wallet, Coin98, Slope, and an open-source Solana wallet called Sollet.io. A wallet exploit could affect the user.
Scallop program hasn't been audited, Scallop team uses Anchor framework to build Scallop program, and Scallop core members have done a strict detailed team code review for Scallop program with Switchboard, Socean teams, and Scallop advisors.