
Smart contract risk

Usual is a DeFi bank. Every product, every balance, and every transaction runs through smart contracts on Ethereum and other chains. That means smart contract risk is unavoidable — it can only be managed, not eliminated. This article explains how Usual manages it.

What smart contract risk is

Smart contract risk is the possibility that a bug, exploit, or unexpected interaction in the code leads to loss of funds. Common attack vectors:

  • Arithmetic overflow or underflow — a calculation wraps past the limits of its integer type, or (with checked arithmetic) reverts where the developer did not expect it, producing a wrong balance or a function that can no longer be called

  • Reentrancy — an external call hands control to another contract, which calls back into the original function before it has finished updating its own state

  • Access control flaws — unauthorized addresses can execute privileged actions

  • Oracle manipulation — a price feed can be pushed in a direction that enables profitable attacks

  • Upgrade path exploits — an upgrade introduces a bug or a privilege escalation

  • Unforeseen interactions — two separately-safe contracts interact in a way that creates a vulnerability

Every DeFi protocol is exposed to this category of risk. The question is how much you mitigate it.
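The reentrancy vector above is the one most often demonstrated in code. The following is an added illustration written for this article; it is not code from Usual's repositories. The contract names (VulnerableVault, HardenedVault, Attacker) are invented for the example. The vulnerable vault pays out before it zeroes the caller's balance; the hardened one applies the checks-effects-interactions order and a reentrancy mutex.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Usual's code. A minimal ETH vault written twice:
// once with the classic reentrancy bug, once hardened.

contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // BUG: the external call runs before the balance is zeroed. A contract
    // receiver can call withdraw() again from its receive() hook while its
    // recorded balance is still non-zero, and repeat until the vault is empty.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0; // too late: state updated after the call
    }
}

contract HardenedVault {
    mapping(address => uint256) public balances;
    uint256 private _entered = 1; // 1 = not entered, 2 = entered

    // Simple mutex: a nested call into any nonReentrant function reverts.
    modifier nonReentrant() {
        require(_entered == 1, "reentrant call");
        _entered = 2;
        _;
        _entered = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: the balance is zeroed BEFORE the external
    // call, so a re-entering caller finds nothing to withdraw. The mutex is
    // a second, independent guard (it also covers cross-function reentrancy).
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Attacker contract that drains VulnerableVault. Against HardenedVault the
// nested withdraw() reverts, the revert propagates out of receive(), the
// vault's external call reports failure, and the whole attack reverts.
contract Attacker {
    VulnerableVault public immutable target;

    constructor(VulnerableVault _target) {
        target = _target;
    }

    function attack() external payable {
        require(msg.value > 0, "need a deposit to seed the loop");
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    receive() external payable {
        // Keep re-entering while the vault can still pay one more round.
        // (Each nested call forwards less gas, so very deep loops run out
        // of gas; a real attacker sizes the deposit accordingly.)
        if (address(target).balance >= msg.value) {
            target.withdraw();
        }
    }
}
```

Deploy VulnerableVault, fund it from a few unrelated accounts, then call Attacker.attack() with 1 ETH: the vault's whole balance ends up in the Attacker contract. Repeat the same steps with HardenedVault substituted and attack() reverts with "nothing to withdraw", leaving the vault untouched. The point for reading audit reports: a fix that only adds the mutex, or only reorders the statements, closes this path; auditors generally want both, since each one catches cases the other does not.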

How Usual manages smart contract risk

1. Audits — over 20 of them

Usual has been audited more than 20 times by the following firms:

  • Cantina

  • Sherlock

  • Spearbit

  • Halborn

  • Hexens

  • Paladin

  • Blackthorne

Each audit covers a defined scope (new contract, upgrade, or specific feature) and produces a public report. Audit findings are addressed before deployment. Reports are available on docs.usual.money.

2. Bug bounty — $7.5M via Cantina

Usual runs a public bug bounty program via Cantina with rewards up to $7.5 million for critical vulnerabilities. This is the largest bug bounty in Usual's ecosystem and one of the largest in DeFi. Responsible disclosure through the program is rewarded.

(Note: Fira has a separate $500K bug bounty via Sherlock — do not conflate the two.)

3. Pause mechanism

If a critical vulnerability is discovered, the protocol has an emergency pause mechanism. The pause can:

  • Halt new deposits

  • Halt redemptions

  • Halt minting / burning

This is controlled by a multi-sig emergency committee with clearly defined access rules. The pause is a defensive tool: it buys time to analyze the problem and coordinate a fix without losing more funds. Note that a pause also stops honest users from redeeming until it is lifted; it is a circuit breaker, not a fix.
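To make the pause mechanism concrete, here is an added example of how a pausable vault with a separate emergency role is typically structured. It is illustrative code written for this article, not Usual's contracts: the contract name PausableVault and the two roles (governance, the address acting for the DAO, and pauser, an emergency multisig) are assumptions, and so is the choice that only governance can lift a pause; the article itself only says the pause is multisig-gated.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Usual's code. Roles are assumed:
//   governance - the DAO's executor, which appoints the pauser and unpauses
//   pauser     - an emergency multisig that can halt the vault at any time
contract PausableVault {
    address public governance;
    address public pauser;
    bool public paused;
    mapping(address => uint256) public balances;

    event Paused(address indexed by);
    event Unpaused(address indexed by);
    event PauserChanged(address indexed oldPauser, address indexed newPauser);

    error NotAuthorized();
    error ProtocolPaused();

    constructor(address _governance, address _pauser) {
        governance = _governance;
        pauser = _pauser;
    }

    modifier onlyGovernance() {
        if (msg.sender != governance) revert NotAuthorized();
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert ProtocolPaused();
        _;
    }

    // Either the emergency committee or governance may pause. Pausing is
    // cheap and reversible, so it is deliberately easy to trigger.
    function pause() external {
        if (msg.sender != pauser && msg.sender != governance) revert NotAuthorized();
        paused = true;
        emit Paused(msg.sender);
    }

    // Lifting the pause is reserved to governance (assumed split, see lead-in):
    // resuming is the riskier action, so it needs the slower, broader approval.
    function unpause() external onlyGovernance {
        paused = false;
        emit Unpaused(msg.sender);
    }

    function setPauser(address newPauser) external onlyGovernance {
        emit PauserChanged(pauser, newPauser);
        pauser = newPauser;
    }

    // Deposits and redemptions both stop while paused. Honest users cannot
    // redeem during a pause either: the pause buys time, it does not fix anything.
    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    function redeem(uint256 amount) external whenNotPaused {
        balances[msg.sender] -= amount; // checked math: reverts on underflow
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Two things worth checking in any real deployment of this pattern, both of which the article says are documented for Usual: which addresses hold the pauser and governance roles (and what the multisig's quorum is), and whether view functions or secondary paths (for example a token's transfer) are also gated or intentionally left open during a pause.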

4. Governance review of upgrades

Any protocol upgrade that changes how contracts behave requires DAO approval via a UIP. This prevents unilateral upgrades that might introduce bugs or privileged backdoors.

5. Open source code

All Usual contracts are open source. Anyone can review the code, propose improvements, or identify bugs. This removes the risk of hidden behaviour that only the team can see, though it does not by itself guarantee that anyone actually finds a given bug.

6. Multiple independent deployments

Different product lines (USD0, bUSD0, ETH0, USUALx) are deployed as distinct contract sets. A bug in one contract does not automatically compromise the others. This compartmentalization limits the blast radius of any exploit, to the extent that the products do not hold or depend on each other's contracts.

Residual risk

Even with 20+ audits and a $7.5M bounty, smart contract risk is not zero. Audits can miss things. Bounty programs rely on researchers finding bugs before attackers. Pause mechanisms depend on rapid incident response.

What this means for you:

  • Do not assume any DeFi product is safe just because it has been audited

  • Match your exposure to your risk tolerance

  • Keep large holdings in simpler products (USD0) rather than more complex ones (Vaults, Alpha)

  • Use hardware wallets for large balances

  • Diversify across multiple products and chains

  • Monitor official communication channels for incident announcements

A mental model

Think of smart contract risk like aviation safety. Modern planes are incredibly safe because of layered defenses: multiple checks, redundant systems, trained responders, and transparent incident reporting. But planes still occasionally have incidents. Usual's approach is similar: layered defenses, but not infallible.

The right response is not to avoid flying — it is to fly with informed awareness of the risks and the mitigations.

How to stay informed

  • Audit reports — published on docs.usual.money

  • Bug bounty — managed by Cantina, announcements via official channels

  • Incident communications — Discord, X, blog, governance forum

  • Governance proposals — UIPs related to security and upgrades

Note: No amount of auditing can fully eliminate smart contract risk. If you cannot afford to lose what you put into a DeFi product, do not put it in. This is a general DeFi rule, not specific to Usual.

Technical note (for DeFi users): Usual's contracts are deployed on Ethereum, Arbitrum, Base, and BNB Chain. The emergency pause mechanism is gated by a multisig with defined quorum requirements. Upgradability patterns use proxy contracts with governance-controlled upgrade paths. Full contract addresses, proxy patterns, and audit scopes are documented in the docs.
