# Smart Contract Risk The on-chain infrastructure of Ledgity is intentionally minimalist to reduce attack surface and complexity. Smart contracts are designed to be transparent, upgrade-controlled, and auditable, ensuring that the on-chain system remains stable even as TVL scales. The architecture focuses on **custody safety, deterministic yield accounting, and predictable liquidity flow** rather than complex on-chain logic. *** #### Contract Design Principles * **No leverage** is used anywhere on-chain. * **No rebase mechanics**: yield is reflected through **Price-Per-Share (PPS)**, preventing integration issues. * **Vaults are segregated**: a failure in one vault cannot impact another. * **No algorithmic yield generation**: contracts do not “seek” yield; they reflect yield produced off-chain. This significantly reduces systemic risk and composability failures. *** #### Upgrade & Permission Controls Smart contracts are controlled by an upgrade process that prioritizes safety: | Control Layer | Purpose | | -------------------------------- | ----------------------------------------------------------------------------- | | **Multisig Ownership (Council)** | Execution of approved parameter or contract updates | | **Timelock (if enabled)** | Allows the community to review before changes take effect | | **Global Pause Mechanism** | Enables temporary freeze of deposits/withdrawals in case of abnormal behavior | These controls exist to prevent unauthorized changes, mitigate cascading failure, and allow structured incident response. *** #### Audits All core vault and token contracts will need external security audits \ Any material upgrade or new vault listing triggers a new review cycle. Audit scope includes: * Permission and role controls * State transition integrity * PPS accounting correctness * Deposit / withdrawal flows * Emergency controls Audit reports will be publicly linked in the new section once published. *** #### Attack Surface Reduction The protocol avoids common high-risk DeFi patterns: | Risk Pattern Avoided | Why | | ---------------------------------- | --------------------------------------------- | | Rebase tokens | Breaks accounting across integrations | | Leveraged yield loops | Can fail catastrophically in volatile markets | | Auto-compounding vault recursion | Hard to monitor, can destabilize liquidity | | Flash-loan-sensitive oracle design | Eliminated by off-chain pricing and PPS model | Yield cannot be manipulated on-chain because it does **not** depend on AMM price, lending rates, or oracle variations.\ It depends only on **cash flows entering the system**, reflected in PPS. *** #### Emergency Controls If anormal conditions are detected (contract attack, unexpected price behavior, off-chain disruption), the protocol can be temporarily paused: * **Deposits and withdrawals freeze** * Capital is *not moved automatically* * Council initiates investigation and coordination * Normal operations resume once confirmed safe This mechanism is strictly defensive — **it does not allow reallocating or seizing user funds.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ledgity.finance/risk-framework/smart-contract-risk.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.