General risks & mitigation
Detailed methodology, risk transfer framework, and parameters to be added.
This chapter outlines the risks that might affect the StableUnit protocol and the stablecoin's peg, identified by the StableUnit core team.
Economic attacks
Flashloans
Flash loans are uncollateralized loans that are approved, executed, and paid back all in one transaction – all done via a self-executing smart contract. Common attack vectors are based on oracle price manipulation:
At the beginning of the transaction, an attacker borrows a large amount of token A, swaps it for token B, artificially increasing the price, borrows against the overpriced collateral, and repays the loan, while the system is unable to liquidate this bad position due to limited liquidity for asset A or B.
To mitigate this risk, the price is provided by our built-in oracle: it uses several sources of price information and a time-weighted average price (TWAP) for DEXs, so that the price can’t be manipulated using flash loans. If one data provider reports a price that is drastically different from another, the guardian module sets a red flag notifying the core team and the DAO.
Large liquidity movements
Apart from flash loans, the price of the asset can be manipulated by large capital. As described on the oracle page, the oracle system monitors the price from several data sources and, in case of divergence, raises an alarm.
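The oracle behaviour described in the flash-loan and large-liquidity sections above, as an added Python example (not StableUnit's code): a TWAP feed ignores a price spike that is reverted within one transaction, while a price held by large capital moves the TWAP and is caught by the cross-source divergence check. The window length, the 5% threshold, the median aggregation and all names are assumptions; the sample prices are constructed.

```python
from statistics import median

TWAP_WINDOW = 1800     # seconds averaged (assumed; not a StableUnit parameter)
MAX_DIVERGENCE = 0.05  # relative spread that raises the flag (assumed)

class TwapFeed:
    """TWAP from a cumulative-price accumulator (Uniswap V2-style pattern)."""
    def __init__(self, price, timestamp):
        self.price, self.last_ts, self.cumulative = price, timestamp, 0.0
        self.checkpoints = [(timestamp, 0.0)]  # (time, cumulative price)

    def update(self, new_price, timestamp):
        # The outgoing price is weighted by how long it was in effect.
        self.cumulative += self.price * (timestamp - self.last_ts)
        self.price, self.last_ts = new_price, timestamp
        self.checkpoints.append((timestamp, self.cumulative))

    def twap(self, now, window=TWAP_WINDOW):
        current = self.cumulative + self.price * (now - self.last_ts)
        # Latest checkpoint at or before the window start, else the first one.
        older = [c for c in self.checkpoints if c[0] <= now - window]
        start_ts, start_cum = older[-1] if older else self.checkpoints[0]
        if now == start_ts:
            return self.price
        return (current - start_cum) / (now - start_ts)

def aggregate(prices):
    """Return (median reference price, red_flag) over independent sources."""
    values = list(prices.values())
    reference = median(values)
    spread = (max(values) - min(values)) / reference
    return reference, spread > MAX_DIVERGENCE

def demo():
    # Constructed data: 30 minutes at 100.0, one update per 12-second block.
    dex = TwapFeed(price=100.0, timestamp=0)
    for t in range(12, 1801, 12):
        dex.update(100.0, t)
    # Flash-loan pattern: spike and revert inside one transaction (same time).
    dex.update(300.0, 1800)
    spot_during = dex.price
    dex.update(100.0, 1800)
    twap_flash = dex.twap(now=1812)   # the spike carried zero time weight
    # A price held at 130.0 for 10 minutes does move the TWAP ...
    dex.update(130.0, 1812)
    twap_held = dex.twap(now=2412)
    # ... so the cross-source comparison is what raises the flag.
    feeds = {"dex_twap": twap_held, "feed_a": 100.0, "feed_b": 100.2}
    return (spot_during, twap_flash, twap_held) + aggregate(feeds)

if __name__ == "__main__":
    print(demo())
```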
Security attacks
Smart-contract exploits
Audits by reputable companies and peer reviews by DAO members are the first mitigation against smart-contract exploits.
The protocol also uses a circuit breaker to limit the extent of losses from exploits to 15%.
Audits will be added to this page before launch.
Front-End exploits
The StableUnit core team provides only a reference implementation of the front-end. Users can deploy their own front-end or access the protocol without it (e.g., through Etherscan).
Underlying infrastructure
StableUnit will ultimately be deployed on multiple chains and each chain has its own security risks, levels of decentralization or centralization, among other factors.
When interacting with StableUnit, always consider the risks related to the chain you’re transacting on.
Social engineering
Social engineering is a type of malicious attack that is enabled by human interaction. This risk is purely human, as it requires the victim to give the attacker, for example, the information needed to access a system. To mitigate this risk, nobody in the DAO or in the core team has access to the users' funds.