Understanding smart contract risks and how TED Protocol mitigates them

Smart contracts are immutable code deployed on blockchains. While they enable trustless operations, they carry inherent risks.

Risk Types

Code Vulnerabilities

Bugs or logic errors could lead to loss of funds.
  • Types: Reentrancy attacks, integer overflow, access control failures, logic errors
  • Mitigations:
    • Multiple independent audits
    • Battle-tested OpenZeppelin libraries
    • Extensive testing (unit, integration, fuzzing)
    • Active bug bounty program

Upgrade Risks

Upgradeable contracts could theoretically introduce vulnerabilities.
  • Mitigations:
    • Diamond Pattern (EIP-2535) for modular upgrades
    • 48-hour timelock delay
    • 3-of-5 multi-sig approval required
    • Full transparency in upgrade history

Dependency Risks

Vulnerabilities in integrated external protocols could affect us.

| Dependency | Risk Level | Notes |
|---|---|---|
| Curve Finance | Low | Billions in TVL, multiple audits |
| Uniswap V3 | Low | Billions in TVL, multiple audits |
| Circle CCTP | Low | Institutional-grade |
| LayerZero | Low | $10B+ secured |
| Wormhole | Medium | Recovered from 2022 incident, improved security |

Oracle Risks

Price oracle manipulation could occur.
  • Mitigations:
    • Stablecoin focus minimizes oracle dependency
    • DEX spot prices instead of external oracles
    • TWAP protection where applicable
    • Slippage limits as final safeguard

Security Measures

Audit Status

  • Primary Audits: Core contracts and bridge integrations scheduled
  • Automated Scanning: Continuously active
  • Report Publication: Will be published when available

Security Patterns

  • Reentrancy Protection: Locks during execution
  • Access Control: Role-based
  • Pausability: For emergency response
  • Implementation Standard: OpenZeppelin battle-tested implementations

Emergency Controls

| Action | Required Approval |
|---|---|
| Pause | 2-of-5 multi-sig |
| Unpause | 3-of-5 multi-sig |
| Upgrade | 3-of-5 + timelock |
| Emergency Withdrawal | 4-of-5 multi-sig |

Contract Architecture

TED Protocol uses the Diamond Pattern (EIP-2535).

Structure

  • DiamondProxy: Single entry point
  • FXSwapFacet: Swap logic
  • DEX Adapters: Curve, Uniswap
  • Bridge Facets: CCTP, LayerZero, Wormhole
  • AdminFacet: Governance

Benefits

  • Single entry point reduces attack surface
  • Modular upgrades (changing one facet doesn’t affect others)
  • Improved gas efficiency
  • No contract size limits

Storage Safety

All facets share diamond storage using unique storage positions, preventing storage collision issues that have affected other upgradeable contracts.
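
The pattern described above, as an added example that is not TED Protocol's own code: each facet's state lives in a struct placed at a slot derived from a unique namespace hash, so two facets executing through the same proxy cannot overwrite each other. The library names, namespace strings and fields are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: names, namespaces and fields are hypothetical.
library SwapStorage {
    // Slot comes from hashing a namespace string unique to this facet.
    bytes32 internal constant POSITION = keccak256("example.diamond.storage.swap");

    // Upgrades may only append fields; reordering shifts existing data.
    struct Layout {
        uint256 maxSlippageBps;
        mapping(address => bool) allowedTokens;
    }

    function layout() internal pure returns (Layout storage l) {
        bytes32 position = POSITION;
        assembly { l.slot := position }
    }
}

library AdminStorage {
    bytes32 internal constant POSITION = keccak256("example.diamond.storage.admin");

    struct Layout {
        bool paused;
        mapping(address => bool) admins;
    }

    function layout() internal pure returns (Layout storage l) {
        bytes32 position = POSITION;
        assembly { l.slot := position }
    }
}

// A facet declares no state variables of its own: those would start at
// slot 0 of the proxy and overlap with every other facet's variables.
contract ExampleSwapFacet {
    function setMaxSlippageBps(uint256 bps) external {
        // The admins mapping is populated by a separate facet (not shown).
        require(AdminStorage.layout().admins[msg.sender], "not admin");
        require(bps <= 10_000, "bps out of range");
        SwapStorage.layout().maxSlippageBps = bps;
    }

    function maxSlippageBps() external view returns (uint256) {
        return SwapStorage.layout().maxSlippageBps;
    }
}
```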

Testing

| Type | Target Coverage |
|---|---|
| Unit Tests | 95%+ |
| Integration Tests | 80%+ |
| Fuzz Tests | All critical paths |
| Invariant Tests | Core accounting logic |
| Fork Tests | Against mainnet state |

Bug Bounty

| Severity | Reward |
|---|---|
| Critical | Up to $100,000 |
| High | $25,000 |
| Medium | $5,000 |
| Low | $1,000 |

In Scope:
  • Smart contracts on all supported chains
  • Bridge integrations
  • TEDP token contracts

Out of Scope: Frontend issues, third-party services

Report: [email protected]

User Protections

Transaction Safeguards

  • Slippage Limits: Revert if output falls below minimum
  • Deadlines: Revert transactions that are too old
  • Validation: Amount and address validation prevents common errors

If Something Goes Wrong

| Situation | Response |
|---|---|
| Swap fails | Full refund minus gas |
| Bridge transfer stuck | Manual retry available |
| Contracts paused | Withdrawals still work |
| Exploit detected | Emergency pause + fund recovery procedures |