Usual is a DeFi bank. Every product, every balance, and every transaction runs through smart contracts on Ethereum and other chains. That means smart contract risk is unavoidable — it can only be managed, not eliminated. This article explains how Usual manages it.
What smart contract risk is
Smart contract risk is the possibility that a bug, exploit, or unexpected interaction in the code leads to loss of funds. Common attack vectors:
Arithmetic overflow or underflow — a calculation exceeds the limits of its integer type and wraps to a wrong value
Reentrancy — a contract makes an external call that re-enters the calling function before its state has been updated
Access control flaws — unauthorized addresses can execute privileged actions
Oracle manipulation — a price feed can be pushed in a direction that enables profitable attacks
Upgrade path exploits — an upgrade introduces a bug or a privilege escalation
Unforeseen interactions — two separately-safe contracts interact in a way that creates a vulnerability
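To make three of these vectors concrete, here is an added Solidity illustration (not Usual's code, and not taken from any audit report on this page): a toy ETH vault written once with a reentrancy defect, an unchecked arithmetic block and a missing access check, and once hardened with checks-effects-interactions ordering, a reentrancy guard and an owner check. The contract and function names are this example's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Usual's code. A toy ETH vault shown twice:
// once with three of the defects listed above (reentrancy, an unchecked
// arithmetic block, missing access control) and once hardened.

contract VaultVulnerable {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Defect 1 (reentrancy): the ETH transfer happens before the balance is
    // reduced, so a contract receiver that re-enters withdraw() passes the
    // require() check a second time with the same balance.
    // Defect 2 (arithmetic): the unchecked block removes the underflow revert
    // that 0.8.x would otherwise raise on the repeated subtraction; with
    // checked math the nested calls would revert and the defect would be
    // contained, so the two defects compound each other.
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        unchecked { balances[msg.sender] -= amount; }
    }

    // Defect 3 (access control): any address can call this.
    function sweep(address payable to) external {
        to.transfer(address(this).balance);
    }
}

contract VaultHardened {
    mapping(address => uint256) public balances;
    address public immutable owner;
    uint256 private _lock = 1; // 1 = free, 2 = entered

    constructor() {
        owner = msg.sender;
    }

    // Minimal reentrancy guard, hand-rolled here to stay self-contained;
    // production code would use OpenZeppelin's ReentrancyGuard.
    modifier nonReentrant() {
        require(_lock == 1, "reentrant call");
        _lock = 2;
        _;
        _lock = 1;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: validate, update state, then make the
    // external call. Checked arithmetic (the 0.8 default) is kept, so the
    // subtraction reverts on underflow instead of wrapping.
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient"); // check
        balances[msg.sender] -= amount;                           // effect
        (bool ok, ) = msg.sender.call{value: amount}("");         // interaction
        require(ok, "transfer failed");
    }

    // Privileged action gated by an explicit access check.
    function sweep(address payable to) external onlyOwner {
        to.transfer(address(this).balance);
    }
}
```

The hardened version is what an auditor checks for: state changes before external calls, a guard on every function that makes such a call, and every privileged function behind an explicit role or owner check. Note that the `unchecked` block is a legitimate gas optimisation in the right place; the defect is using it on an arithmetic path whose revert is part of the safety argument.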
Every DeFi protocol is exposed to this category of risk. The question is how much you mitigate it.
How Usual manages smart contract risk
1. Audits — over 20 of them
Usual has been audited more than 20 times by the following firms:
Cantina
Sherlock
Spearbit
Halborn
Hexens
Paladin
Blackthorne
Each audit covers a defined scope (new contract, upgrade, or specific feature) and produces a public report. Audit findings are addressed before deployment. Reports are available on docs.usual.money.
2. Bug bounty — $7.5M via Cantina
Usual runs a public bug bounty program via Cantina with rewards up to $7.5 million for critical vulnerabilities. This is the largest bug bounty in Usual's ecosystem and one of the largest in DeFi. Responsible disclosure through the program is rewarded.
(Note: Fira has a separate $500K bug bounty via Sherlock — do not conflate the two.)
3. Pause mechanism
In the event of a discovered critical vulnerability, the protocol has an emergency pause mechanism. The pause can:
Halt new deposits
Halt redemptions
Halt minting / burning
This is controlled by a multi-sig emergency committee with clearly defined access rules. The pause is a defensive tool — it buys time to analyze the problem and coordinate a fix without losing more funds.
4. Governance review of upgrades
Any protocol upgrade that changes how contracts behave requires DAO approval via a UIP. This prevents unilateral upgrades that might introduce bugs or privileged backdoors.
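The pause mechanism and the governance-gated upgrade path above are both instances of role-gated privileged actions. The following added Solidity example (not Usual's code; the role names, the split between who may pause and who may unpause, and the `upgradeTo` stand-in are this example's assumptions, not Usual's documented access rules) shows a toy token whose user-facing actions all sit behind one pause switch, with pausing, resuming and upgrading each gated by a different role.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Usual's code. A toy token whose user-facing
// actions share one pause switch, with the pause, unpause and upgrade
// paths each gated by a distinct role. The roles and the pause/unpause
// split are this example's assumptions. Production code would use
// OpenZeppelin's AccessControl, Pausable and UUPSUpgradeable rather than
// these hand-rolled equivalents.
contract PausableTokenToy {
    bytes32 public constant EMERGENCY_ROLE  = keccak256("EMERGENCY_ROLE");
    bytes32 public constant GOVERNANCE_ROLE = keccak256("GOVERNANCE_ROLE");
    bytes32 public constant MINTER_ROLE     = keccak256("MINTER_ROLE");

    mapping(bytes32 => mapping(address => bool)) private _hasRole;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    bool public paused;
    address public implementation; // stand-in for a proxy's implementation slot

    event Paused(address indexed by);
    event Unpaused(address indexed by);
    event Upgraded(address indexed newImplementation);

    // emergencyCommittee: the multisig allowed to pause.
    // governance: the DAO executor allowed to unpause and authorize upgrades.
    // minter: the contract or address allowed to mint.
    constructor(address emergencyCommittee, address governance, address minter) {
        _hasRole[EMERGENCY_ROLE][emergencyCommittee] = true;
        _hasRole[GOVERNANCE_ROLE][governance] = true;
        _hasRole[MINTER_ROLE][minter] = true;
    }

    modifier onlyRole(bytes32 role) {
        require(_hasRole[role][msg.sender], "missing role");
        _;
    }

    modifier whenNotPaused() {
        require(!paused, "protocol paused");
        _;
    }

    // --- emergency controls -------------------------------------------------

    // The committee can halt the protocol quickly...
    function pause() external onlyRole(EMERGENCY_ROLE) {
        paused = true;
        emit Paused(msg.sender);
    }

    // ...but only governance can resume, so the key that can stop the
    // protocol is not the same key that can silently reopen it.
    function unpause() external onlyRole(GOVERNANCE_ROLE) {
        paused = false;
        emit Unpaused(msg.sender);
    }

    // --- user-facing actions, all behind the same switch --------------------

    function mint(address to, uint256 amount) external whenNotPaused onlyRole(MINTER_ROLE) {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function burn(uint256 amount) external whenNotPaused {
        balanceOf[msg.sender] -= amount; // checked arithmetic reverts on underflow
        totalSupply -= amount;
    }

    function transfer(address to, uint256 amount) external whenNotPaused returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    // --- upgrade path -------------------------------------------------------

    // Stands in for UUPSUpgradeable._authorizeUpgrade: the implementation only
    // changes when the caller is the governance executor, i.e. after a proposal
    // has passed. Any other caller is rejected before any state changes.
    function upgradeTo(address newImplementation) external onlyRole(GOVERNANCE_ROLE) {
        require(newImplementation.code.length > 0, "not a contract");
        implementation = newImplementation;
        emit Upgraded(newImplementation);
    }
}
```

Two design points worth checking in any real deployment: every state-changing user action should carry the same `whenNotPaused` check (a pause that halts deposits but not redemptions is only half a pause), and the events emitted on pause, unpause and upgrade are what monitoring tooling watches to detect an incident or an unexpected privileged call.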
5. Open source code
All Usual contracts are open source. Anyone can review the code, propose improvements, or identify bugs. Open code is the strongest defense against risks that hide in code nobody outside the team can inspect.
6. Multiple independent deployments
Different product lines (USD0, bUSD0, ETH0, USUALx) are deployed as distinct contract sets. A bug in one contract does not automatically compromise the others. This compartmentalization limits the blast radius of any exploit.
Residual risk
Even with 20+ audits and a $7.5M bounty, smart contract risk is not zero. Audits can miss things. Bounty programs rely on researchers finding bugs before attackers. Pause mechanisms depend on rapid incident response.
What this means for you:
Do not assume any DeFi product is safe just because it has been audited
Match your exposure to your risk tolerance
Keep large holdings in simpler products (USD0) rather than more complex ones (Vaults, Alpha)
Use hardware wallets for large balances
Diversify across multiple products and chains
Monitor official communication channels for incident announcements
A mental model
Think of smart contract risk like aviation safety. Modern planes are incredibly safe because of layered defenses: multiple checks, redundant systems, trained responders, and transparent incident reporting. But planes still occasionally have incidents. Usual's approach is similar: layered defenses, but not infallible.
The right response is not to avoid flying — it is to fly with informed awareness of the risks and the mitigations.
How to stay informed
Audit reports — published on docs.usual.money
Bug bounty — managed by Cantina, announcements via official channels
Incident communications — Discord, X, blog, governance forum
Governance proposals — UIPs related to security and upgrades
Note: No amount of auditing can fully eliminate smart contract risk. If you cannot afford to lose what you put into a DeFi product, do not put it in. This is a general DeFi rule, not specific to Usual.
Technical note (for DeFi users): Usual's contracts are deployed on Ethereum, Arbitrum, Base, and BNB Chain. The emergency pause mechanism is gated by a multisig with defined quorum requirements. Upgradability patterns use proxy contracts with governance-controlled upgrade paths. Full contract addresses, proxy patterns, and audit scopes are documented in the docs.