Security

This section documents the built-in protections and key trust assumptions.

Upgrade protection

Only the factory owner can authorize upgrades. Leaders cannot upgrade vault contracts.

function _authorizeUpgrade(address) internal override {
  require(factory != address(0), "No factory");
  require(msg.sender == IVaultFactory(factory).owner(), "Only factory owner");
}

Reentrancy protection

All functions that move funds use the nonReentrant modifier.

function buy(uint256 usdcAmount) external nonReentrant { ... }
function sell(uint256 tokens) external nonReentrant { ... }

Access control

modifier onlyAdmin() {
  require(msg.sender == admin, "Not admin");
  _;
}

modifier onlyLeader() {
  require(msg.sender == leader, "Not leader");
  _;
}

// Despite its name, this also admits any address flagged in apiWallets.
modifier onlyVaultOrLeader() {
  require(
    msg.sender == vault ||
    msg.sender == IBondingCurveVault(vault).leader() ||
    apiWallets[msg.sender],
    "Not authorized"
  );
  _;
}

Fee caps

  1. Entry NAV inheritance on token transfers.

  2. Virtual reserve scaling to stabilize price impact as the vault grows.

  3. Trade limit: max 1% of total assets per buy.

Liquidity protections

  1. Pending sell instead of reverting when liquidity is low.

  2. Auto-rebalance targets 50% withdrawable liquidity.

  3. Liquidity cap: sells are capped by available liquidity.
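
A minimal Solidity sketch of the 1% trade limit and the three liquidity protections listed above, added here as an example and not taken from the vault's contracts. The contract name, every function and variable, and the simplified USDC-value accounting (no token transfers) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the vault's code; names and accounting are assumptions.
contract LiquidityGuardSketch {
    uint256 public constant MAX_BUY_BPS = 100; // 1% of total assets per buy
    uint256 public totalAssets; // everything the vault manages
    uint256 public liquid;      // portion withdrawable right now
    mapping(address => uint256) public balanceOf;   // user position value
    mapping(address => uint256) public pendingSell; // accepted but unpaid sells

    constructor(uint256 seedAssets, uint256 seedLiquid) {
        require(seedLiquid <= seedAssets, "liquid > total");
        totalAssets = seedAssets;
        liquid = seedLiquid;
    }

    // Trade limit: a single buy may not exceed 1% of total assets.
    function buy(uint256 usdcAmount) external {
        require(usdcAmount * 10_000 <= totalAssets * MAX_BUY_BPS, "Buy > 1% of assets");
        totalAssets += usdcAmount;
        liquid += usdcAmount;
        balanceOf[msg.sender] += usdcAmount;
    }

    // Liquidity cap + pending sell: pay what is available, queue the rest.
    function sell(uint256 usdcValue) external returns (uint256 paid, uint256 queued) {
        require(usdcValue <= balanceOf[msg.sender], "Insufficient balance");
        balanceOf[msg.sender] -= usdcValue;
        paid = _payUpTo(usdcValue);
        queued = usdcValue - paid;
        pendingSell[msg.sender] += queued;
    }

    // Settles queued sells once liquidity is available again.
    function claimPending() external returns (uint256 paid) {
        paid = _payUpTo(pendingSell[msg.sender]);
        pendingSell[msg.sender] -= paid;
    }

    // Models the auto-rebalance: top liquid funds up to 50% of total assets.
    function rebalance() external {
        if (liquid < totalAssets / 2) liquid = totalAssets / 2;
    }
    function _payUpTo(uint256 amount) private returns (uint256 paid) {
        paid = amount < liquid ? amount : liquid;
        liquid -= paid;
        totalAssets -= paid;
    }
}
```

Because a sell never reverts on low liquidity in this model, the queued amount in pendingSell is the state to watch: it is a liability that stays outstanding until claimPending can be paid from restored liquidity.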
