Unstable Protocol
  • Introduction
  • Users
    • Mint nUSD
    • Repay nUSD
    • Interest and Fees
    • Collateralization and Liquidation
    • Redemption
  • Developers
    • Architecture
    • Position Management
    • Interest and Fees
    • Price Oracle
    • Liquidation System
    • Redemption System
    • Emergency Controls
    • Deployments
    • Security & Audits
Powered by GitBook
On this page
  • Audits & Testing
  • Safety & Risk Management
  • Protocol Safety Features
  • Collateral Onboarding Framework
Export as PDF
  1. Developers

Security & Audits

PreviousDeployments

Last updated 10 days ago

Audits & Testing

Unstable Protocol shares its core CDP architecture with Lybra V2, a battle-tested system that has undergone multiple audits by , , and .

Unstable Protocol was audited by in May 2024. The audit report can be found .

Additionally, Unstable Protocol engaged —co-author of ERC4626 (Tokenized Vaults), ERC3156 (Flash Loans), and ERC7266 (Oracles); former CTO of Yield Protocol; current judge for Code4rena, Cantina and engineer at Optimism —as a consultant. Alberto contributed to both protocol mechanics and the design of our testing framework, which applies the Branching Tree Technique (BTT) to exhaustively map edge cases and protocol invariants.

Safety & Risk Management

Protocol Safety Features

Access Control

  • Multi-tier access control scheme separates critical functions (Owner) from operational functions (Admin), enabling rapid emergency responses while protecting high-impact changes

  • Vault-level pause switches for mint, burn, and redemption

Vault & Oracle Safety

  • Supply caps per vault to limit risk exposure

  • Multiple oracle types with ability to update if compromised

  • Toggle between redemption rate and market pricing modes

  • Depeg thresholds to auto-pause minting during market instability

Collateral Onboarding Framework

  • Collateral types are classified as stable-denominated, ETH-denominated, and volatile/other-denominated wrappers

  • Stable-denominated wrappers (e.g. scUSD, wstkscUSD): high initial LTVs (up to 97%) with strict peg stability, liquidity, and oracle integrity requirements

  • ETH-denominated wrappers (e.g. scETH): moderate LTVs (e.g. 80%) with risk buffers for slashing, withdrawal delays, and price tracking deviations

  • Volatile/other-denominated wrappers (e.g. stS): conservative LTVs (e.g. 75%) due to higher volatility, complex redemption mechanics, and oracle fragility

  • All assets must meet minimum on-chain liquidity thresholds

  • Initial debt ceilings are capped per asset; borrowing is limited until stability and liquidity are proven over time

  • Timelock delay is enforced for onboarding and parameter changes

  • Parameters are scaled gradually with protocol adoption; risk settings tighten as TVL grows to preserve solvency

Consensys
Halborn
Code4rena
KALOS Security
here
Alberto Cuesta Cañada