What are the risks of using Scallop?

All DeFi protocols, including Scallop, come with risks, which are important to understand before depositing significant amounts of crypto. The main risks involved in using Scallop are outlined here.
Smart Contract Risk
This is a risk that the Scallop smart contracts get exploited to steal or permanently freeze funds. This risk is inherent to all smart contracts and can never be fully eliminated, but can be mitigated in various ways.

Cross Program Invocation Risk

Scallop relies on some cross-program invocation to earn the yield, such as Solend and Marinade. There is a risk that these programs got exploited or some unexpected accidents. These risks are inherent to all smart contract invocations.
Oracle Risk
Scallop relies on Switchboard for their VRF feeds to pick winners. There is a risk that these oracles report incorrect randomness, causing wrongful winners.

Wallet Providers Risk

Scallop is compatible with a wide range of wallets, including Phantom, Solflare, Math Wallet, Coin98, Slope, and an open-source Solana wallet called A wallet exploit could affect the user.

Is Scallop on-chain program audited/open-source?

Scallop program hasn't been audited, Scallop team use Anchor framework to build Scallop program, and Scallop core members have done a strict detailed team code review for Scallop program with Scallop advisors. We will let Scallop program be audited and after the Scallop program is audited, we will let it become an open-source program.