Aqua0
Security & Trust

Risks & disclosures

The main risks users and integrators should understand.

Smart contract risk

Any DeFi protocol involves smart contract risk. Even audited code can have unknown vulnerabilities.

Cross-chain risk

Cross-chain operations add additional risk surfaces, including messaging assumptions and bridge dependencies.

Market risk

Price movements, volatility, and liquidity conditions can affect execution outcomes.

Operational risk

Network congestion, chain outages, and RPC issues can delay completion or cause failures that require retry/cleanup.

Off-chain trust

Deposits sit in per-asset ERC-4626 vaults; the vault itself holds the tokens, and same-chain realized PnL is derived from on-chain settlement events (no key can move it). The one place off-chain trust remains is a narrowly-bounded PNL_REPORTER_ROLE, used only to value capital currently deployed cross-chain (in-flight, before the bridge/message finalizes): its reports are rate-clamped per epoch, losses are recognized immediately from events, gains vest over the epoch, and any over-report is clawed back at reconciliation against the real settlement amount. A GUARDIAN_ROLE can pause/veto (but not unpause alone) and a timelock'd multisig holds UPGRADER_ROLE. See Non-custodial design for the full breakdown of what each role can and cannot do.

No guarantees

Nothing in these docs is financial advice. Returns are not guaranteed.

On this page