Security & Governance
Protocol Invariants
These are the immutable mathematical guarantees that the protocol enforces. They cannot be broken regardless of market conditions, governance actions, or external factors.
Solvency Invariant
USDC Collateral ≥ (BEAR Supply + BULL Supply) × (CAP / 2)
The protocol always holds enough USDC to cover all outstanding tokens at maximum liability.
Redemption Invariant
1 BEAR + 1 BULL → 2 USDC (always)
A token pair must always be redeemable for 2 USDC, regardless of oracle state. The only exception is after settlement, when BEAR holders redeem directly.
Price Invariant
BEAR Price + BULL Price = $2.00
The theoretical prices derived from the oracle always sum to the CAP. One side's gain is exactly the other's loss.
Why this matters: Security isn't just about access control and input validation. These invariants mean the protocol math is structurally incapable of becoming insolvent or trapping user funds.
Access Control
The protocol uses a single owner role with the following permissions:
Can change:
Yield adapter address (with timelock)
Treasury address (with timelock)
Pause/unpause the protocol
Cannot change:
Token addresses (immutable)
Oracle address (immutable)
CAP value (immutable)
Core mint/burn logic
Timelock
Critical governance actions require a 7-day timelock:
Yield adapter migration
Treasury address changes
This delay gives users time to react to proposed changes before they take effect. The timelock cannot be bypassed.
Governance Cooldown
After unpausing the protocol, a 7-day cooldown must elapse before governance actions (adapter migration, fee changes) can be finalized. This prevents rapid pause/unpause cycles that could bypass timelock protections.
Emergency Procedures
Pause
The owner can pause the protocol immediately (no timelock). When paused:
Minting
Disabled
Burning
Enabled
Reward Distribution
Disabled
Yield Harvest
Disabled
Settlement
Enabled
Users can always exit their positions, even during emergencies.
Unpause
The owner can unpause to restore normal operation. If oracle price has reached CAP during pause, the protocol transitions to SETTLED instead.
Oracle Safety
The BasketOracle implements multiple safeguards:
Staleness check: Rejects prices older than 8 hours
Sequencer check: On L2s, verifies sequencer uptime before trusting prices
Price bounds: Rejects values outside reasonable ranges
Multi-feed aggregation: No single feed can manipulate the basket price
Deviation Check (Disordered Mode)
If Chainlink and Curve EMA prices diverge by more than 2%, the oracle reverts. This creates an implicit "disordered" mode that blocks minting, leverage, and reward distribution until prices converge.
Burns and swaps remain available—the 10% liquid buffer ensures users can always exit.
This protects the protocol from:
Oracle manipulation attacks
Distributing rewards based on stale or noisy price data
Operating during extreme market dislocations
Flash Loan Protections
Routers that use flash loans/mints implement:
Initiator validation: Only accepts callbacks initiated by the router itself
Lender validation: Only accepts callbacks from expected flash lender
Slippage caps: Maximum 1% slippage on Curve swaps to prevent MEV extraction
Reward Distribution Security
The RewardDistributor allocates yield to stakers based on which token is underperforming (Chainlink vs Curve EMA price). Manipulation is not economically viable:
2% deviation cap
Oracle reverts if manipulated beyond this range
Curve EMA resistance
Moving the EMA requires sustained capital against arbitrageurs
Attack cost
$50k-200k+ to move price 2% on a deep pool
Limited profit
Extra allocation × stake share × reward pool size
Cooldown
1-hour minimum between distributions
Example: To gain an extra $5k (shifting from 50/50 to 100/0 on a $100k reward pool with 10% stake), an attacker would spend $50k+ manipulating the pool. Net loss.
Risks
Oracle Risk
The protocol depends on Chainlink price feeds. Oracle manipulation or prolonged downtime could affect:
Morpho collateral valuations (liquidation risk)
Reward distribution calculations
Settlement triggering
Mitigations: Staleness checks, multi-feed aggregation, sequencer validation on L2, 2% deviation check against Curve EMA.
Smart Contract Risk
As with any DeFi protocol, undiscovered bugs could lead to loss of funds.
Mitigations: Formal invariant testing, comprehensive test coverage, mutation testing.
Settlement Risk
If the oracle price reaches $2.00 (CAP), the protocol settles permanently:
BEAR holders receive full value
BULL holders receive nothing
This represents extreme USD devaluation—a tail risk, but not impossible.
Liquidation Risk
Leveraged positions via Morpho can be liquidated if collateral value drops relative to debt. Users should monitor health factors and understand liquidation thresholds before using leverage.
Curve Pool Dependency
BEAR liquidity and price discovery depend on the Curve USDC/plDXY-BEAR pool. Low liquidity could cause:
Higher slippage on swaps
Delayed arbitrage (prices diverge from theoretical value)
Increased MEV extraction
USDC Counterparty Risk
The protocol inherits all risks associated with USDC:
Blacklisting: Circle can freeze specific addresses
Depeg: A significant USDC depeg would affect real collateral value
Upgradeability: Circle can modify USDC contract behavior
Regulatory: Regulatory action could affect USDC availability
The protocol does not implement depeg detection and continues operating at nominal values.
Morpho Liquidity Risk
If Morpho market utilization reaches 100% (all supplied USDC is borrowed), adapter withdrawals fail. Burns exceeding the 10% local buffer would revert until Morpho liquidity returns.
Mitigation: The owner can pause and use withdrawFromAdapter() for gradual extraction as liquidity becomes available.
Audits
January 2026
SyntheticSplitter SyntheticToken BasketOracle MorphoAdater
pending
Last updated