Smart Contract Risk

The on-chain infrastructure of Ledgity is intentionally minimalist to reduce attack surface and complexity. Smart contracts are designed to be transparent, upgrade-controlled, and auditable, ensuring that the on-chain system remains stable even as TVL scales.

The architecture focuses on custody safety, deterministic yield accounting, and predictable liquidity flow rather than complex on-chain logic.


Contract Design Principles

  • No leverage is used anywhere on-chain.

  • No rebase mechanics: yield is reflected through Price-Per-Share (PPS), preventing integration issues.

  • Vaults are segregated: a failure in one vault cannot impact another.

  • No algorithmic yield generation: contracts do not “seek” yield; they reflect yield produced off-chain.

This significantly reduces systemic risk and composability failures.


Upgrade & Permission Controls

Smart contracts are controlled by an upgrade process that prioritizes safety:

| Control Layer | Purpose |
| --- | --- |
| Multisig Ownership (Council) | Execution of approved parameter or contract updates |
| Timelock (if enabled) | Allows the community to review before changes take effect |
| Global Pause Mechanism | Enables temporary freeze of deposits/withdrawals in case of abnormal behavior |

These controls exist to prevent unauthorized changes, mitigate cascading failure, and allow structured incident response.


Audits

All core vault and token contracts will need external security audits. Any material upgrade or new vault listing triggers a new review cycle.

Audit scope includes:

  • Permission and role controls

  • State transition integrity

  • PPS accounting correctness

  • Deposit / withdrawal flows

  • Emergency controls

Audit reports will be publicly linked in the new section once published.


Attack Surface Reduction

The protocol avoids common high-risk DeFi patterns:

| Risk Pattern Avoided | Why |
| --- | --- |
| Rebase tokens | Breaks accounting across integrations |
| Leveraged yield loops | Can fail catastrophically in volatile markets |
| Auto-compounding vault recursion | Hard to monitor, can destabilize liquidity |
| Flash-loan-sensitive oracle design | Eliminated by off-chain pricing and PPS model |

Yield cannot be manipulated on-chain because it does not depend on AMM price, lending rates, or oracle variations. It depends only on cash flows entering the system, reflected in PPS.


Emergency Controls

If abnormal conditions are detected (contract attack, unexpected price behavior, off-chain disruption), the protocol can be temporarily paused:

  • Deposits and withdrawals freeze

  • Capital is not moved automatically

  • Council initiates investigation and coordination

  • Normal operations resume once confirmed safe

This mechanism is strictly defensive — it does not allow reallocating or seizing user funds.
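The PPS accounting and pause behavior described on this page can be modeled in a few lines. This is an added example, not Ledgity's contract code: the class `PPSVault`, the 18-decimal `SCALE`, the rounding direction, and the assumption that the council posts PPS updates are all hypothetical choices made for illustration.

```python
SCALE = 10**18  # fixed-point unit for PPS (assumed precision)

class VaultPaused(Exception):
    """Raised when deposits/withdrawals are frozen."""

class PPSVault:
    """Hypothetical share vault: yield appears only as a higher PPS."""

    def __init__(self, council):
        self.council = council   # stands in for the multisig owner
        self.pps = SCALE         # 1.0 asset per share at launch
        self.shares = {}         # holder -> share balance, never rebased
        self.paused = False

    def _only_council(self, caller):
        if caller != self.council:
            raise PermissionError("caller is not the council")

    def set_pps(self, caller, new_pps):
        # Assumption: PPS reflecting off-chain yield is posted by the council.
        self._only_council(caller)
        if new_pps <= 0:
            raise ValueError("PPS must be positive")
        self.pps = new_pps

    def set_paused(self, caller, paused):
        # Pause only flips a flag; no code path here moves user balances.
        self._only_council(caller)
        self.paused = paused

    def deposit(self, holder, assets):
        if self.paused:
            raise VaultPaused("deposits frozen")
        minted = assets * SCALE // self.pps  # round down, in the vault's favour
        if minted <= 0:
            raise ValueError("deposit too small to mint a share")
        self.shares[holder] = self.shares.get(holder, 0) + minted
        return minted

    def withdraw(self, holder, shares):
        if self.paused:
            raise VaultPaused("withdrawals frozen")
        if shares <= 0 or shares > self.shares.get(holder, 0):
            raise ValueError("invalid share amount")
        self.shares[holder] -= shares
        return shares * self.pps // SCALE    # assets owed, rounded down

    def value_of(self, holder):
        # What an integrator reads: constant share balance times current PPS.
        return self.shares.get(holder, 0) * self.pps // SCALE
```

Because a holder's share balance never changes between their own deposits and withdrawals, an integrating contract that caches balances stays correct; only the PPS read needs to be fresh.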
