Risks, Security, Audits
This page explains how we think about security. It is written for all readers (users, investors, institutions, and developers).
Important
- Smart contracts are immutable once deployed; transactions are irreversible.
- DeFi involves market, protocol, and operational risks. Losses are possible.
- Nothing here is investment advice. Yields are variable and not guaranteed.
Our Security Principles
1) Minimize avoidable risk. Prefer simple, battle‑tested patterns and conservative assumptions over yield‑chasing or complexity.
2) Least privilege & separation of duties. Use role‑based access, multisig guardianship, and timelocks where appropriate.
3) Defense in depth. Multiple layers: audits, monitoring, pausing/guardians, circuit breakers, parameter caps, and incident runbooks.
4) Transparency. Publish parameters, addresses, audit reports, and incident post‑mortems.
5) No surprise dependencies. Limit external protocol reliance; avoid leverage and bridging in the backing allocation for the PCA by default.
General DeFi Risks
1) Smart Contract Risk
Bugs or logic errors can lead to loss of funds, frozen assets, or unintended behavior. Even audited code can contain undiscovered issues.
What we do
- Multiple internal reviews and external audits before enabling capital‑bearing features.
- Gradual launch with caps / allowlists where prudent.
- Continuous monitoring and formal incident runbooks.
2) Market, Liquidity & Volatility Risk
On‑chain markets can move quickly; liquidity can disappear in stress. This affects pricing, collateral health, liquidations, and exit timing.
What we do
- Conservative risk parameters and dynamic mechanisms in the broader product suite (e.g., snapshot LTVs, soft liquidations, time‑slicing).
- Emphasis on unwind‑friendly positions for treasury/backing.
3) Price Discovery, MEV & Economic Attack Risk
Front‑running, sandwich attacks, and flash‑loan‑driven manipulations can harm users and LPs if not mitigated. External oracle feeds can lag or be manipulated.
What we do
- Depth‑aware pricing metrics in trading products; guardrails and regime detection.
- Reduce reliance on external oracles where design allows; if used, apply cross‑checks and conservative thresholds.
4) Third‑Party & Integration Risk
When capital is deployed to external venues (lending, staking, LSTs), those venues have their own contract, validator, or operational risks.
What we do
- Use established, liquid venues for conservative yield.
- Avoid leverage and bridging in the backing allocation.
- Diversify and size exposures with caps and stress assumptions.
5) User Operational Risk
Key loss, phishing, malicious approvals, wrong addresses/URLs, and wallet compromises are common causes of loss.
What you can do
- Use hardware wallets; verify URLs and contract addresses.
- Review token approvals; start small; simulate transactions when possible.
Security Controls & Operational Safeguards
- Roles & Multisig. Sensitive functions gated by multisig; roles separated (Configurator, Treasury, Strategy Manager, etc.).
- Parameter Caps. Per‑asset/venue caps and allowlists; snapshot LTVs where relevant.
- No Leverage / No Bridging (Backing). Backing allocation avoids leverage and bridging by default for unwind simplicity.
- Transparency. Publish contract addresses, ABIs, parameters, and post‑mortems where applicable.
Incident Response (Overview)
- Detect & Verify. Monitoring alerts; reproduce on a fork; classify severity.
- Contain. Pause/circuit breakers; parameter throttles; multisig actions.
- Remediate. Hotfixes via audited patterns; re‑audit if code changes.
- Communicate. Timely, factual updates; impact and user guidance.
- Post‑Mortem. Public root‑cause analysis and long‑term fixes.
What Users Can Do
- Verify URLs and contract addresses; never trust DMs.
- Use hardware wallets and limit approvals to trusted contracts.
- Start small and scale gradually; simulate transactions when possible.
- Monitor your allowances and revoke unused approvals.
- Understand the differences between Hold, Exit, and Withdraw in the FT PUT Option.