Security

The security of users' funds and of the platform as a whole is our number one priority. We have many measures in place, both on- and off-chain, in support of this goal.

System limits

Circuit Breaker

Perp v3 uses an on-chain circuit breaker mechanism to protect the system when certain conditions are met that indicate a hack, exploit or breach. When the circuit breaker conditions are met, some operations, such as withdrawals, will revert.

In addition, when the circuit breaker is triggered, the system can be manually locked if an attack is confirmed to be taking place, causing a full system pause. If locked, a governance vote will be held to determine subsequent steps.

Triggers

  • TBC

  • Grace Period

Liquidity limits

While not a parametric limit, open interest in the system cannot exceed the value of liquidity provided by LPs. If liquidity is exhausted, it will only be possible to close or reduce positions.

System collateral caps

Coming Soon™️ 🏗️

User deposit caps

Coming Soon™️ 🏗️

Frontrun protection

For trades with oracle price pools, a 3-second delay is enforced to prevent traders from frontrunning the oracle price feed received by the DEX. For trades performed via the DEX gateway, this is handled automatically. For trades performed through direct smart contract interaction, two transactions must be sent: the initializing transaction, and an execution transaction with a timestamp at least 3 seconds later.
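The two-transaction flow described above, modelled as a small Python sketch. This is an added example, not Perpetual Protocol's contract code: the class and function names are hypothetical, all sample values are constructed, and the rule that the fill price must be published after the delay has elapsed is an assumption used to show what the delay is for.

```python
from dataclasses import dataclass

MIN_DELAY_S = 3  # delay stated on this page

@dataclass
class Order:
    size: float
    created_at: int  # timestamp of the initializing transaction
    executed: bool = False

class DelayedOrders:
    """Toy model of the initialize/execute flow (hypothetical, not Perp v3 code)."""
    def __init__(self):
        self.orders = []

    def initialize(self, size, now):
        self.orders.append(Order(size, now))
        return len(self.orders) - 1

    def execute(self, order_id, price, price_ts, now):
        order = self.orders[order_id]
        if order.executed:
            raise ValueError("already executed")
        if now - order.created_at < MIN_DELAY_S:
            raise ValueError("delay not elapsed")
        # Assumption: the fill price must be published after the delay, so it
        # cannot be a price the trader had already seen when committing.
        if price_ts < order.created_at + MIN_DELAY_S:
            raise ValueError("oracle price predates the delay")
        order.executed = True
        return order.size * price

def demo():
    """Run constructed execution attempts against one order created at t=100."""
    book = DelayedOrders()
    oid = book.initialize(size=2.0, now=100)
    attempts = [  # (price, price_ts, now), all constructed sample values
        (50.0, 100, 100),  # executed in the same second as initialization
        (50.0, 101, 103),  # late enough, but reuses a price from before the delay
        (51.0, 103, 103),  # valid: both checks pass
        (51.0, 104, 104),  # replay of an order that has already executed
    ]
    results = []
    for price, price_ts, now in attempts:
        try:
            results.append(book.execute(oid, price, price_ts, now))
        except ValueError as exc:
            results.append(str(exc))
    return results
```

Only the third attempt fills; the others are rejected by the delay check, the price-age check and the replay check respectively.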

Oracle safety

Coming Soon™️ 🏗️

Audits

See Security & Audits for details.

Project security

Perpetual Protocol contracts external auditors to check production code before users deposit the first $1 of funds. Once code goes live, our bug bounty program serves to attract whitehats to find vulnerabilities and exploits in return for prize money. See Security & Audits for details.

Perpetual Protocol also has policies in place to ensure the code being sent to auditors is as strong as it can be. Programmers work in pairs while coding, putting two sets of eyes on the task at all times. Internal reviews ensure each commit is checked before being pulled. Our team also includes a security specialist who researches exploits and code integrity on a continuing basis.

All funds and contract owner addresses are held by multi-sig safes. The signer wallets are intentionally distributed across different wallet types and manufacturers to mitigate the spread of contagion should a wallet experience a hack.

In addition to our official bug bounty program administered by Immunefi, we also regularly work with community researchers and whitehats to find bugs and offer rewards for issues outside the official bug bounty scope. If you have found a bug, contact us!

Smart Accounts

ERC-4337 smart accounts are powered by ZeroDev (Kernel). Smart accounts (also known as account abstraction) let users sign up for and use decentralized financial tools without relying on a third-party custodian, while also having the technical aspects of self-custody abstracted out of the experience. This is a major advantage for non-technical users.

Audit: The ZeroDev Kernel wallet was audited by Kalos.

2FA: Using ZeroDev, users can add a second factor for use in authentication, further enhancing the security of their account.
