Smart Contract Security

Smart Contract Security

Security of the StableUnit smart contracts is paramount. A full code review by Decurity has already been completed, and a second audit by Sherlock is prepaid ($200 k from the Arbitrum grant) and currently in progress. These independent engagements rigorously examine the contracts for vulnerabilities, correctness, and adherence to best practices. All findings are patched before main‑net launch. In parallel, a $300 k bug‑bounty program — paid in SuDAO and hosted on Immunefi — is live right now, rewarding white‑hat researchers who responsibly disclose issues. Rewards scale with severity, giving the broader security community an ongoing incentive to keep StableUnit safe.

All Audits and Bounties links are placed here.

To further bolster safety, StableUnit introduces novel on-chain risk mitigation mechanisms beyond standard practices. One such feature is the Circuit Breaker module​​. The Circuit Breaker continuously monitors the outflow of funds from the system (including large withdrawals, loan drawdowns, and liquidation payments). If abnormal activity is detected – specifically, if outflows exceed a certain threshold within a 24-hour window (currently set to 15% of the protocol’s Total Value Locked) – the Circuit Breaker is triggered. When triggered, it temporarily imposes limits on further withdrawals or borrowing. This gives the community and administrators time to assess the situation before any potential issue can escalate. The Circuit Breaker can be reset manually by an authorized admin or by a DAO governance vote if everything is determined to be safe, restoring full functionality. If no action is taken within the cooldown period, the restriction lifts automatically, ensuring the protocol cannot be frozen indefinitely​. This mechanism is designed to mitigate worst-case scenarios like hacks or oracle failures – it prevents an attacker from instantly draining the system and provides a window for response, greatly limiting possible losses.

StableUnit also adopts a decentralized governance control to minimize central points of failure (see the StableUnit DAO in Section 3 for details). No single party can unilaterally upgrade or pause the protocol; changes to core parameters or contracts are subject to DAO proposals and voting, which use a SuDAO governance token. This reduces the risk of insider attacks or compromised admin keys that have affected other platforms in the past. Additionally, the StableUnit team is exploring formal verification for critical components of the protocol. Formal verification involves mathematically proving certain properties of the smart contracts (for example, that collateral value will always exceed debt, or that no unauthorized entity can mint USD Pro). While not all code will be formally verified (due to complexity and cost), targeting the most mission-critical logic (like the stablecoin issuance and liquidation modules) can add extra assurance beyond testing and audits.

Finally, continuous monitoring is in place. StableUnit will have real-time analytics and alerting for key health metrics (collateral ratios, debt levels, oracle status, etc.). Community members and specialized risk agents are encouraged to watch the system and propose emergency actions if needed. In summary, StableUnit’s security encompasses preventative measures (audits, best practices, modular design), proactive measures (circuit breaker, risk monitoring, governance oversight), and reactive measures (bug bounties, emergency DAO actions) to ensure a robust and secure protocol.