Risk categories
The objective of the StableUnit Risk Framework is to define and proactively manage risk, with the goal of maximizing the economic security of the products offered by the StableUnit protocol through risk mitigation and risk transfer.

Figure: Visualizing Space of StableUnit Economic Security
Collateral Risk Management Mandate
Collateral risk is perhaps the most important risk to study and treat for any CDP-based stablecoin system. The StableUnit DAO mandated 3 desired outcomes for Collateral Risk Management:
Minimize risk and the probability of occurrence of bad debt accrual events which may be collaterals - ensure system solvency.
Maximize capital efficiency.
Maintain the attractiveness of the StableUnit DAO products.
Collateral Risk Categories
To make sure we cover all bases, we break down risk into several categories, each focusing on a different aspect of an asset’s risk profile. Below are the key risk categories we consider (in plain English):
Market / Price Volatility Risk: How much and how quickly the asset’s price can change. Highly volatile assets (prices swinging wildly day-to-day) are riskier as collateral because their value can drop suddenly. Stable or less-volatile assets pose lower market risk.
Liquidity & Slippage Risk: How easily the asset can be sold or converted to stablecoins without losing value. If an asset has deep markets (high trading volume and lots of buyers/sellers), large amounts can be liquidated with minimal price impact (low slippage). Illiquid assets could require selling at a discount, which is risky during collateral liquidations.
Smart-Contract / Protocol Risk: The technical reliability of the asset’s underlying smart contracts or protocol. This covers the risk of bugs, hacks, or failures in the asset’s code. For example, an established token with audited, battle-tested contracts (like ETH) has low protocol risk, whereas a complex yield-bearing LP token from a newer project carries higher risk of smart contract vulnerabilities.
Oracle & Data Risk: The reliability of price feeds and data needed to value the asset. The protocol relies on oracles to know an asset’s price. If an asset’s price oracle is slow, easily manipulated, or has limited sources, that asset has high oracle risk. We favor assets with robust, decentralized oracles (e.g. Chainlink feeds) to minimize data inaccuracies or delays.
Concentration / Governance Risk: How centralized or controllable the asset is, either in terms of ownership concentration or admin privileges. If a single entity (or a small group) can significantly influence the asset’s value or protocol (for example, a governance token where one team holds most of the supply, or a token that can be paused by an admin key), that’s a high concentration/governance risk. We prefer assets that are broadly held and governed in a decentralized manner, reducing the chance of malicious governance actions or rug pulls.
Peg & Systemic Risk: For assets that are supposed to maintain a peg (like a 1:1 stablecoin or a staked derivative meant to track another asset), this is the risk of that peg breaking. Peg risk means the asset could deviate from its intended value (e.g. a stablecoin losing its $1 peg). Systemic risk refers to the asset’s impact on or correlation with the wider crypto ecosystem. If an asset is deeply intertwined with many protocols, its failure could cause a cascade (e.g. a major stablecoin collapsing would be a systemic event). We gauge how an asset’s troubles might spread to the broader system or to other collaterals in StableUnit.
By managing risks this way, we ensure a comprehensive 360° assessment of each collateral type. Each category has specific mitigation strategies (covered later), and together they feed into our overall risk scoring.
Collateral Risk Management Objectives
To achieve the target outcomes of the DAO mandate, Collateral Risk Management leverages:
Manual analysis of each collateral and its unique qualities
Data-driven analysis and calculation of optimal collateral parameters
Risk pricing for each collateral, using
Internal pricing of collateral risk
External, capital-backed market pricing of collateral risk (solvency insurance, options markets, and prediction markets)
Stress testing individual collaterals
Simulation of a portfolio of collaterals in tail risk scenarios.
Collateral Risk Mitigation. Design, maintain, and propose deployment/activation/deactivation of risk mitigation strategies for each active collateral and entire portfolio.
Collateral Risk Transfer. Design, maintain, and propose deployment/activation/deactivation of risk transfer strategies.
Flashloans
Flash loans are uncollateralized loans that are approved, executed, and paid back all in one transaction – all done via a self-executing smart contract. Common attack vectors are based on oracle price manipulation:
At the beginning of the transaction, an attacker borrows a large amount of token A and swaps it for token B, artificially increasing the price of B. The attacker then borrows against the now-expensive collateral and repays the flash loan, while the system is unable to liquidate the resulting bad position due to limited liquidity for asset A or B.
To mitigate this risk, the price is provided by our built-in oracle, which draws on several sources of price information and uses a time-weighted average price (TWAP) for DEXs, so that the price can’t be manipulated using flash loans. If one data provider reports a price that is drastically different from another, the guardian module raises a red flag, notifying the core team and the DAO.
Large liquidity movements
Apart from flash loans, the price of an asset can be manipulated by large capital. As described on the oracle page, the oracle system monitors the price from several data sources and, in case of divergence, raises an alarm.
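Added example (not StableUnit's own code) for the two mitigations described under Flashloans and Large liquidity movements: a time-weighted average computed over a DEX price history, and a cross-source divergence check. The 5% threshold, the use of the median as the reference price, the source names and all sample prices are assumptions constructed for illustration.

```python
from statistics import median

def twap(observations, now, window):
    """Time-weighted average price over the last `window` seconds.

    observations: time-sorted (timestamp, price) pairs; each price holds
    until the next observation (or until `now` for the last one).
    """
    start = now - window
    if not observations or observations[0][0] > start:
        raise ValueError("observations do not cover the whole window")
    weighted = 0.0
    ends = [t for t, _ in observations[1:]] + [now]
    for (t, price), t_next in zip(observations, ends):
        lo, hi = max(t, start), min(t_next, now)
        if hi > lo:                      # segment overlaps the window
            weighted += price * (hi - lo)
    return weighted / window

def guardian_check(prices, max_deviation=0.05):
    """Return (reference, flagged): the median price and the sources
    deviating from it by more than max_deviation (assumed threshold)."""
    reference = median(prices.values())
    flagged = sorted(s for s, p in prices.items()
                     if abs(p - reference) / reference > max_deviation)
    return reference, flagged

# Constructed sample: a pool quoting 100 for 1788 s, then a distorted
# quote of 300 that persists for one 12-second block.
POOL_OBS = [(0, 100.0), (1788, 300.0)]
NOW, WINDOW = 1800, 1800
FEEDS = {"feed_a": 100.2, "feed_b": 99.9}   # hypothetical off-chain feeds

def compare():
    """Contrast feeding the oracle a raw spot quote vs. the TWAP."""
    spot = POOL_OBS[-1][1]
    averaged = twap(POOL_OBS, NOW, WINDOW)
    _, flags_spot = guardian_check({**FEEDS, "dex_spot": spot})
    _, flags_twap = guardian_check({**FEEDS, "dex_twap": averaged})
    return spot, averaged, flags_spot, flags_twap

if __name__ == "__main__":
    spot, averaged, flags_spot, flags_twap = compare()
    print(f"spot={spot:.2f} twap={averaged:.2f}")
    print("flagged with spot:", flags_spot)
    print("flagged with TWAP:", flags_twap)
```

The averaging window is the tuning knob: a 12-second window in this sample returns the distorted quote unchanged, while the 30-minute window moves the reported price by little more than 1%.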
Front-End exploits
The StableUnit core team only provides a reference implementation of the front-end. Users can deploy their own front-end or access the protocol without it (i.e., through Etherscan).
Underlying infrastructure
StableUnit will ultimately be deployed on multiple chains and each chain has its own security risks, levels of decentralization or centralization, among other factors.
When interacting with StableUnit, always consider the risks related to the chain you’re transacting on.
Social engineering
Social engineering is a type of malicious attack that is enabled by human interaction. This risk is purely human: it needs the victim to provide the attacker with, for example, the information needed to access a system. To mitigate this risk, nobody in the DAO or in the core team has access to the users' funds.