# Risks

> **All DeFi protocols involve significant risk of loss.** ZenSats is experimental software interacting with multiple external protocols. You could lose all deposited funds.

## Smart Contract Risk

Bugs or exploits in Zenji vault, loan managers (Aave, LlamaLend), yield strategies, swappers, view helpers, or trackers could cause partial or total loss. Contracts are open source and use OpenZeppelin libraries but have **not** undergone a formal third-party audit.

## Liquidation Risk

Collateral price drops increase LTV. If LTV exceeds the lending protocol's liquidation threshold, positions can be liquidated at a penalty. LlamaLend uses soft liquidation (gradual); Aave uses instant liquidation.

## Third-Party Protocol Risk

### LlamaLend (active vaults)

- LLAMMA failure in extreme volatility
- Oracle failures affecting liquidation bands
- crvUSD minting exploit / insolvency
- Newer, less battle-tested than Aave

### Aave V3 (legacy vaults)

- Pool exploit, oracle manipulation, bad debt, governance attack
- Billions in TVL; years of operation, but past safety ≠ future safety

### StakeDAO / crvUSD-USDT LP (active vaults)

- Gauge or locker exploit
- CRV emission cuts reducing yield below borrow cost
- Pool imbalance increasing withdrawal cost
- crvUSD or USDT de-peg → impermanent loss

### RAAC / pmUSD (legacy vaults)

- pmUSD peg loss or illiquidity
- Newer asset with less history than established stablecoins

### Curve Finance

- Pool imbalance, smart contract exploit (e.g. 2023 vyper compiler incident)
- Active vaults: crvUSD/USDT LP. Legacy: USDT ↔ crvUSD swaps.

## Market Risk (Negative Spread)

Carry trade profit = strategy yield − borrow cost. If borrow rates spike or strategy yields drop, spread goes negative.

Examples:
- LlamaLend crvUSD borrow APY jumps on high utilization
- crvUSD/USDT pool returns decline from lower CRV emissions
- Frequent rebalancing slippage during volatility

If borrow cost is 10% and strategy earns 8%, leveraged position loses ~2% APR (before fees).

## Collateral / Peg Risk

- **WBTC** — BitGo custody risk
- **wstETH** — Lido smart contract risk
- **XAUT** — Tether Gold custody
- **crvUSD, USDT** — stablecoin de-peg risk

## Operational Risk

- Chainlink keeper downtime delays rebalance/harvest
- Gas spikes make upkeep uneconomic
- Frontend/API errors do not affect on-chain funds but may mislead users

## Mitigation (Not Elimination)

- Bounded on-chain parameters
- Timelocked swapper governance
- Emergency mode staged unwind
- Immutable loan manager/strategy per vault deployment
- Permissionless `rebalance()` and `harvestYield()`

**Use at your own risk. Read contract addresses on Etherscan before depositing.**