# Risks

## **Smart Contract Risk**

The protocol may contain smart contract vulnerabilities or bugs that could lead to asset loss or abnormal contract behavior.

### Mitigation Measures

To minimize smart contract risks, we have implemented the following measures:

1. **Professional Audit**: All contracts have been audited by Quantstamp. (See the [Audits](/telegram-usd/security/audits.md) section for more details.)
2. **Emergency Pause Mechanism**: The Engine and Staking contracts include `halt` and `unhalt` functions, allowing immediate suspension in the event of abnormalities to prevent further damage.
3. **Multisig Governance**: Admin privileges are controlled by a multi-signature wallet, requiring approvals from multiple parties to execute sensitive operations (e.g., parameter adjustments), enhancing governance security.
4. **Bug Bounty Program**: Upon open-sourcing the contracts, a bug bounty campaign will be launched to incentivize community-driven vulnerability discovery and reporting.

## **Bridge Risk**

### Current Strategy

* **Bridge Selection**:
  * We utilize decentralized bridges such as **Stargate, USDT0, and Symbiosis** to transfer USDT cross-chain.
  * **Stargate** and **USDT0** are built on **LayerZero**, a leading cross-chain messaging protocol that enables lightweight interchain communication and is currently the most widely used bridge by transaction volume.
  * If slippage ≤ 0.1%, cross-chain transfers are conducted directly via decentralized bridges.
  * If slippage > 0.1%, OTC bridging is used in combination to minimize cost and preserve capital efficiency.

### Key Risks

* **Bridge Risk**: Smart contract vulnerabilities or liquidity shortages in Stargate, USDT0, or Symbiosis may lead to asset loss or fund lockup.
* **OTC Counterparty Risk**: OTC trades are subject to credit and settlement risk.

### Mitigation Measures

* **Slippage Control**: When slippage exceeds 0.1%, OTC bridging is used to stabilize execution and reduce cost.
* **OTC Diversification**: Multiple OTC providers are engaged to diversify counterparty risk.
* **Bridge Optimization**: We actively participate in testing and development of emerging cross-chain protocols on TON, such as ZetaChain. Once these alternatives reach maturity and security readiness, we will migrate to them to reduce OTC dependency.

## **External Protocol Risk**

Deploying bridged USDT into third-party DeFi protocols introduces the following risks:

* **Smart Contract Vulnerabilities**: Flaws in the target protocol may result in loss or failure to withdraw assets.
* **Liquidity Shortage**: A sudden drop in TVL or pool depletion may cause excessive slippage or failed execution.
* **Strategy Failure**: Yield strategies may underperform due to market volatility, liquidation events, or protocol logic changes.
* **Operational Disruption**: Downtime caused by security incidents or protocol maintenance may render assets temporarily inaccessible.

To mitigate these risks, we apply a strict screening framework and diversify capital allocation across qualified blue-chip protocols to balance yield and security.

### Screening Criteria

These criteria apply to **protocols deployed outside the TON blockchain** to ensure cross-chain deployments meet our standards for security, stability, and liquidity recovery.

1. **Audit Requirements**: Must be audited by ≥2 reputable firms (evaluated based on past audits, community reputation, and historical issues).
2. **Operational Stability**: Live on mainnet for ≥1 year with no major security breaches or outages.
3. **TVL Threshold**: Average TVL ≥ $200M over the past 12 months.
4. **Strategy Risk**:
   * High-risk strategies (e.g., leverage) are not allowed.
   * Strategies that may incur losses (e.g., impermanent loss) are excluded.
   * Redemption period ≤ 7 days to ensure short-term liquidity.
   * No more than 20% of the protocol’s total TVL may be allocated.
5. **Emergency Preparedness**: Must include contingency mechanisms such as risk reserves or sufficient revenue to cover losses.
6. **Yield Benchmark**: APR over the past month must be stable.
7. **Blockchain Conditions**:
   * No downtime in the past 12 months.
   * Round-trip cross-chain latency ≤ 7 days.
   * Target chain’s total DeFi TVL ≥ $1B.
8. **Exception Policy**:\
   Protocols that do not fully meet the above criteria may still be considered if their design is robust, operations are stable, and yields are promising—subject to internal review. Exposure to such protocols is capped at **5% of total assets** to balance innovation and risk control.
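
The screening criteria above can be expressed as a pre-deployment check. This is an added example, not the protocol's own code: the field and function names are hypothetical, qualitative criteria are reduced to reviewer-supplied booleans, and it assumes the 20% limit is measured against the target protocol's current TVL and the 5% exception cap is shared across all exception protocols.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Candidate:
    # Reviewer-supplied facts (assumed shape); defaults sit on the page's thresholds.
    audit_firms: int = 2
    mainnet_days: int = 365
    major_incident: bool = False
    avg_tvl_12m_usd: float = 200e6
    current_tvl_usd: float = 200e6
    uses_leverage: bool = False
    can_incur_loss: bool = False      # e.g. impermanent loss
    redemption_days: float = 7
    has_contingency: bool = True      # risk reserve or revenue covering losses
    apr_stable_1m: bool = True
    chain_downtime_12m: bool = False
    round_trip_days: float = 7
    chain_defi_tvl_usd: float = 1e9

def failed_criteria(c: Candidate) -> list[str]:
    """Names of the screening criteria (1-7) that the candidate does not meet."""
    checks = {
        "audit": c.audit_firms >= 2,
        "operational_stability": c.mainnet_days >= 365 and not c.major_incident,
        "tvl_threshold": c.avg_tvl_12m_usd >= 200e6,
        "strategy_risk": not (c.uses_leverage or c.can_incur_loss) and c.redemption_days <= 7,
        "emergency_preparedness": c.has_contingency,
        "yield_benchmark": c.apr_stable_1m,
        "blockchain_conditions": (not c.chain_downtime_12m and c.round_trip_days <= 7
                                  and c.chain_defi_tvl_usd >= 1e9),
    }
    return [name for name, ok in checks.items() if not ok]

def screen(c, proposed_usd, total_assets_usd, exception_exposure_usd=0.0):
    """Apply the 20%-of-protocol-TVL cap, plus the 5% exception cap on any failure."""
    failed = failed_criteria(c)
    cap = 0.20 * c.current_tvl_usd
    if failed:  # exception policy: internal review and a shared 5% budget (assumption)
        cap = min(cap, max(0.0, 0.05 * total_assets_usd - exception_exposure_usd))
    return {"failed": failed, "needs_internal_review": bool(failed),
            "max_allocation_usd": cap, "within_cap": proposed_usd <= cap}

# Constructed sample candidates, not real protocols.
BLUE_CHIP = Candidate(audit_firms=3, mainnet_days=1200, avg_tvl_12m_usd=750e6,
                      current_tvl_usd=800e6, chain_defi_tvl_usd=40e9)
NEWCOMER = replace(BLUE_CHIP, audit_firms=1, mainnet_days=200,
                   avg_tvl_12m_usd=30e6, current_tvl_usd=40e6)

if __name__ == "__main__":
    print(screen(NEWCOMER, proposed_usd=3e6, total_assets_usd=50e6))
```

A candidate with any failed criterion is never auto-approved: `within_cap` only bounds the size, and `needs_internal_review` still has to be cleared by the internal review the exception policy requires.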

## **USDT Collateral Risk**

Using USDT as 1:1 collateral introduces risks tied to centralization and fiat-backed reserves:

1. **Custodial Risk**: USDT reserves are held in regulated banks or trusts. These may be frozen due to legal actions or compliance enforcement.
2. **Compliance & Freezing Risk**: According to Tether’s terms, they may freeze addresses for regulatory or internal risk reasons.
3. **Banking Dependency Risk**: Tether’s reserves rely on traditional banking infrastructure, which can introduce systemic risk in the event of insolvency or regulatory action.
4. **Depeg & Market Volatility**: While generally pegged to USD, USDT has shown temporary deviations under stress (e.g., dropped to $0.95 during the Terra UST crash), affecting collateral value.

### Mitigation Measures

* **Multi-Collateral Support**: Once the TON ecosystem supports additional stablecoins (e.g., USDC, USDe), the protocol will review and whitelist them as alternative collateral options to reduce issuer concentration risk.

## **Operational Security Risk**

The protocol's fund operations are currently managed through a multi-signature wallet. While this maintains a reasonable level of security, there is still potential risk of signers being compromised or private keys being stolen.

### Mitigation Measures

* All **end-signers** use **cold wallets** for transaction signing, reducing exposure to private key leaks and hot wallet attacks.
* The protocol is developing **adapter contracts** on each chain to restrict interactions to approved protocols and actions.\
  These are governed by **Safe Guard AI**, which provides automated risk controls at the operational level. (See relevant section for implementation details.)


