Security & Audits

Audits & Testing

Unstable Protocol shares its core CDP architecture with Lybra V2, a battle-tested system that has undergone multiple audits by Consensys, Halborn, and Code4rena.

Unstable Protocol was audited by KALOS Security in May 2024. The audit report can be found here.

Additionally, Unstable Protocol engaged Alberto Cuesta Cañada—co-author of ERC4626 (Tokenized Vaults), ERC3156 (Flash Loans), and ERC7266 (Oracles); former CTO of Yield Protocol; current judge for Code4rena, Cantina and engineer at Optimism —as a consultant. Alberto contributed to both protocol mechanics and the design of our testing framework, which applies the Branching Tree Technique (BTT) to exhaustively map edge cases and protocol invariants.

Safety & Risk Management

Protocol Safety Features

Access Control

  • Multi-tier access control scheme separates critical functions (Owner) from operational functions (Admin), enabling rapid emergency responses while protecting high-impact changes

  • Vault-level pause switches for mint, burn, and redemption

Vault & Oracle Safety

  • Supply caps per vault to limit risk exposure

  • Multiple oracle types with ability to update if compromised

  • Toggle between redemption rate and market pricing modes

  • Depeg thresholds to auto-pause minting during market instability

Collateral Onboarding Framework

  • Collateral types are classified as stable-denominated, ETH-denominated, and volatile/other-denominated wrappers

  • Stable-denominated wrappers (e.g. scUSD, wstkscUSD): high initial LTVs (up to 97%) with strict peg stability, liquidity, and oracle integrity requirements

  • ETH-denominated wrappers (e.g. scETH): moderate LTVs (e.g. 80%) with risk buffers for slashing, withdrawal delays, and price tracking deviations

  • Volatile/other-denominated wrappers (e.g. stS): conservative LTVs (e.g. 75%) due to higher volatility, complex redemption mechanics, and oracle fragility

  • All assets must meet minimum on-chain liquidity thresholds

  • Initial debt ceilings are capped per asset; borrowing is limited until stability and liquidity are proven over time

  • Timelock delay is enforced for onboarding and parameter changes

  • Parameters are scaled gradually with protocol adoption; risk settings tighten as TVL grows to preserve solvency

PreviousDeployments

Last updated