# Security & Audits

## Audits & Testing

Unstable Protocol shares its **core CDP architecture** with Lybra V2, a battle-tested system that has undergone multiple audits by [Consensys](https://diligence.consensys.io/audits/2023/08/lybra-finance/), [Halborn](https://github.com/HalbornSecurity/PublicReports/blob/master/Solidity%20Smart%20Contract%20Audits/Lybra_Finance_V2_Smart_Contract_Security_Assessment_Report_Halborn_Final.pdf), and [Code4rena](https://code4rena.com/reports/2023-06-lybra).

Unstable Protocol was audited by [**KALOS Security**](https://kalos.xyz) in **May 2024**. The audit report can be found [here](https://www.unstable.money/kalos_audit052024.pdf).

Additionally, Unstable Protocol engaged [**Alberto Cuesta Cañada**](https://x.com/alcueca)—co-author of ERC4626 (Tokenized Vaults), ERC3156 (Flash Loans), and ERC7266 (Oracles); former CTO of Yield Protocol; current judge for Code4rena and Cantina; and engineer at Optimism—as a consultant. Alberto contributed to both protocol mechanics and the design of our testing framework, which applies the **Branching Tree Technique (BTT)** to exhaustively map edge cases and protocol invariants.

## Safety & Risk Management

### Protocol Safety Features

#### Access Control

* Multi-tier access control scheme separates critical functions (Owner) from operational functions (Admin), enabling rapid emergency responses while protecting high-impact changes
* Vault-level pause switches for mint, burn, and redemption

#### Vault & Oracle Safety

* Supply caps per vault to limit risk exposure
* Multiple oracle types with ability to update if compromised
* Toggle between redemption rate and market pricing modes
* Depeg thresholds to auto-pause minting during market instability

### Collateral Onboarding Framework

* Collateral types are classified as **stable-denominated**, **ETH-denominated**, and **volatile/other-denominated wrappers**
* **Stable-denominated wrappers** (e.g. scUSD, wstkscUSD): high initial LTVs (up to 97%) with strict peg stability, liquidity, and oracle integrity requirements
* **ETH-denominated wrappers** (e.g. scETH): moderate LTVs (e.g. 80%) with risk buffers for slashing, withdrawal delays, and price tracking deviations
* **Volatile/other-denominated wrappers** (e.g. stS): conservative LTVs (e.g. 75%) due to higher volatility, complex redemption mechanics, and oracle fragility
* All assets must meet minimum on-chain liquidity thresholds
* Initial debt ceilings are capped per asset; borrowing is limited until stability and liquidity are proven over time
* Timelock delay is enforced for onboarding and parameter changes
* Parameters are scaled gradually with protocol adoption; risk settings tighten as TVL grows to preserve solvency

