Security and Risk
Understanding the Risks: Security, Infrastructure & Valuation Integrity
DeFi Exposure
While DeTrade prioritizes capital preservation through careful protocol selection, investing in DeFi protocols comes with inherent risks that users must fully understand.
Smart Contract Risk
All vault operations rely on smart contracts, especially those built by Lagoon and other DeFi protocols. Even if contracts have been audited, the risk of bugs, exploits, or vulnerabilities remains. A single flaw can lead to partial or total loss of funds.
Depeg Risk
Many vaults hold assets like stablecoins, staked ETH, or Liquid Staking Tokens (LSTs). These assets are designed to track a reference value (e.g., $1 or ETH), but may lose their peg due to market stress, poor collateral management, or systemic failures. A depeg event can significantly impact vault value, either temporarily or permanently.
💡 DeTrade takes these risks very seriously. Every opportunity is analyzed in depth, and funds are only deployed when the potential returns clearly outweigh the associated risks — and when those risks are sufficiently mitigated by the protocol's design and security practices. If our assessment reveals unacceptable exposure, we do not invest, regardless of how attractive the returns may seem.
Infrastructure
DeTrade operates on top of Lagoon infrastructure, leveraging audited smart contracts and additional safety mechanisms to protect users' capital. However, even with robust engineering and multiple security layers, risks remain.
Lagoon Smart Contracts
All vault logic — including deposits, withdrawals, and yield strategies — runs on Lagoon contracts audited by Nethermind, a reputable firm in the Ethereum ecosystem. While audits drastically reduce risk, they do not eliminate the possibility of vulnerabilities or edge-case failures.
Multisig Governance
Vault management is secured by a multisignature wallet (multisig), ensuring no single party can control or move funds unilaterally. This setup greatly enhances security but still carries a non-zero risk, because the multisig is itself a smart contract that may be subject to bugs or mismanagement.
Cooldown Mechanisms
Deposits and withdrawals are subject to cooldown periods to prevent abuse or timing-based attacks. These mechanisms improve security and protocol stability, though they introduce a short delay in liquidity access and are not a universal safeguard against all threat vectors.
💡 Our infrastructure has been thoroughly audited by Nethermind, with multiple security reviews available in the Audits section below, covering both core protocol mechanisms and specific implementations.
Oracle Design
Unlike many DeFi systems that rely on automated price feeds, DeTrade has adopted a manual oracle system for computing and updating the Net Asset Value (NAV) of each vault — a key choice for security. Learn more about our oracle system in the FAQ.
Off-Chain Valuation
Vault values are calculated off-chain by the DeTrade team using real yield data from the underlying strategies. This valuation is not driven by on-chain oracles, which are often vulnerable to manipulation.
Human Verification
Every NAV update and subsequent minting or burning of shares undergoes manual validation before being submitted on-chain. This ensures no automated process can be exploited to manipulate the share price or create arbitrage opportunities.
Exploit Mitigation
By removing real-time on-chain price feeds from the critical path, DeTrade eliminates common oracle manipulation vectors (e.g., flash-loan-based price distortion), making it far more difficult for attackers to game the system during deposits or withdrawals.
💡 This manual, human-in-the-loop system strengthens DeTrade's resistance to one of DeFi's most common attack surfaces — price oracle exploits — while maintaining transparency and operational control.
Audits
DeTrade's security is built on Lagoon's thoroughly audited infrastructure. These comprehensive audits, conducted by Nethermind, one of the most respected security firms in the Ethereum ecosystem, validate both Lagoon's core infrastructure and the specific implementations used by DeTrade.
💡 While these audits significantly strengthen our security posture, we maintain ongoing vigilance and continuous security monitoring as part of our commitment to protecting user funds.