Risks & Security
Audits
Stormbit contracts are currently undergoing independent security reviews. Audit reports will be published here upon completion.
Bug Bounty: Active program with rewards up to $100,000 for critical vulnerabilities. Report to [email protected]
Critical: Up to $100,000
High: Up to $25,000
Medium: Up to $5,000
Security Architecture
Smart Contract Security
Comprehensive test coverage
UUPS upgradeability for emergency fixes
Multi-signature controls on all upgrades
Emergency pause functionality
Oracle Integrity
Dual oracle sources (Chainlink, Pyth)
Staleness checks prevent outdated prices
Price validation at allocation only (oracle-immune during loan term)
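An added example, not Stormbit's own code: a Python model of an allocation-time price check that combines the staleness checks and the dual Chainlink/Pyth sources listed above. The thresholds, the cross-source deviation and confidence checks, and all function and class names are assumptions; the record fields follow Chainlink's latestRoundData()/decimals() and Pyth's Price struct.

```python
from dataclasses import dataclass
from decimal import Decimal

# All thresholds are assumptions for illustration, not Stormbit parameters.
MAX_AGE_S = 3600                  # reject readings older than this
MAX_DEVIATION = Decimal("0.01")   # max relative gap between the two sources
MAX_PYTH_CONF = Decimal("0.005")  # max Pyth confidence interval relative to price

@dataclass
class ChainlinkRound:             # mirrors latestRoundData() plus decimals()
    answer: int
    updated_at: int
    decimals: int

@dataclass
class PythPrice:                  # mirrors the PythStructs.Price struct
    price: int
    conf: int
    expo: int
    publish_time: int

def validate_at_allocation(cl, py, now):
    """Return (price, None) if both sources are fresh and agree, else (None, reason)."""
    if cl.answer <= 0 or py.price <= 0:
        return None, "non-positive price"
    # A negative age means a timestamp from the future; treat it as invalid too.
    if not 0 <= now - cl.updated_at <= MAX_AGE_S:
        return None, "chainlink stale"
    if not 0 <= now - py.publish_time <= MAX_AGE_S:
        return None, "pyth stale"
    # Normalise both fixed-point encodings to exact decimals before comparing.
    cl_price = Decimal(cl.answer).scaleb(-cl.decimals)
    py_price = Decimal(py.price).scaleb(py.expo)
    py_conf = Decimal(py.conf).scaleb(py.expo)
    if py_conf / py_price > MAX_PYTH_CONF:
        return None, "pyth confidence too wide"
    if abs(cl_price - py_price) / min(cl_price, py_price) > MAX_DEVIATION:
        return None, "sources diverge"
    # Use the lower price so collateral is valued conservatively.
    return min(cl_price, py_price), None

NOW = 1_700_000_000  # constructed timestamp
# Constructed readings for a USD-quoted feed with 8 decimals.
SAMPLES = {
    "ok": (ChainlinkRound(200_000_000_000, NOW - 60, 8), PythPrice(200_150_000_000, 50_000_000, -8, NOW - 5)),
    "stale": (ChainlinkRound(200_000_000_000, NOW - 7200, 8), PythPrice(200_150_000_000, 50_000_000, -8, NOW - 5)),
    "diverged": (ChainlinkRound(200_000_000_000, NOW - 60, 8), PythPrice(190_000_000_000, 50_000_000, -8, NOW - 5)),
}

if __name__ == "__main__":
    for name, (cl, py) in SAMPLES.items():
        print(name, validate_at_allocation(cl, py, NOW))
```

Because the page states that prices are validated at allocation only, a check of this kind is the single point where a bad reading can enter a loan, so rejecting the allocation is the safe outcome on any failure.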
Governance Controls
Multi-signature governance (no single point of control)
Time-locks on critical parameter changes
Public announcements before governance actions
Integration Safety
Battle-tested protocols only (Aave hooks, oracle providers)
Fallback mechanisms for integration failures
Continuous monitoring
Financial Risks
Credit Risk
Borrower defaults result in collateral auctions. Recovery depends on auction proceeds.
Mitigation: Diversify borrowers, conservative LTV, liquid collateral.
Capital Lock
Allocated capital and collateral remain locked until loan maturity or settlement.
Mitigation: Only commit capital not needed short-term.
Tail Risk (Lenders)
Oracle-immune design means no mid-term liquidation. Collateral could drop significantly with no recourse until maturity. Lenders are compensated via volatility premium.
Mitigation: Premium pricing reflects tail risk, conservative LTV, shorter durations, hedge delta exposure.
Depeg Risk (Leveraged Positions)
Correlated assets (wstETH/ETH) may experience temporary depegs. Permanent depeg could mean total loss at maturity.
Mitigation: Strong-backed pairs, conservative leverage (5-10x), monitor protocol health.
Protocol-Specific Behavior
Fixed-Rate Structure
Fixed rates create opportunity cost if market rates move. Borrowers pay more if rates fall; lenders earn less if rates rise.
Liquidation Timing
Liquidation only occurs at maturity via Dutch auction (100% → 50% over 7 days). Borrowers maintain oracle-immune protection during term but must repay by maturity.
Module-Based Collateral
Different collateral types (ERC20, ERC721, attestations) have distinct risk profiles. Lenders should understand module-specific mechanics before allocating.
Risk Summary
Risk | Lenders | Borrowers
Credit | High | None
Liquidation | None | Maturity only
Capital lock | Yes | Yes
Rate | Opportunity cost | Fixed cost
Smart contract | Equal | Equal
Tail risk | Yes (compensated) | Protected during term
Not financial advice. DeFi carries inherent risks. Only use capital you can afford to lose.