Aqua0
Security & Trust

Risks & disclosures

The main risks users and integrators should understand.

Smart contract risk

Any DeFi protocol involves smart contract risk. Even audited code can have unknown vulnerabilities.

Cross-chain risk

Cross-chain operations add additional risk surfaces, including messaging assumptions and bridge dependencies.

Market risk

Price movements, volatility, and liquidity conditions can affect execution outcomes.

Operational risk

Network congestion, chain outages, and RPC issues can delay completion or cause failures that require retry/cleanup.

Off-chain trust

The protocol holds three privileged off-chain identities: backendSigner (signs V4 JIT and repayment withdraw payloads), repaymentWorker (the only EOA permitted to call slp.withdrawForRepayment), and operator (the only EOA permitted to call slp.shipStrategy / dockStrategy / reshipStrategy). LP capital custody is non-custodial in the sense that the SLP itself holds the tokens and only the LP can withdraw their own balance. But per-LP attribution and strategy lifecycle authorization are off-chain and trust the team's signing keys. See Non-custodial design for the full breakdown.

No guarantees

Nothing in these docs is financial advice. Returns are not guaranteed.

Non-custodial design

What “non-custodial” means in Aqua0, and what it does not mean.

Audits & security process

How we approach audits, monitoring, and incident response.

On this page

Smart contract riskCross-chain riskMarket riskOperational riskOff-chain trustNo guarantees