# SECURITY & RISK ## **Audits and Testing** Harmonix has undergone rigorous audits by Zenith, Verichains and Shieldify to ensure its smart contracts are secure and robust against vulnerabilities. Security extends beyond Harmonix’s own contracts. Integrated external protocols, DEXs, lending platforms, and other partners, are carefully vetted to minimize risk exposure, working only with verified and reputable projects. {% embed url="" %} {% embed url="" %} {% embed url="" %} ## Risks & How Harmonix Manages Them ### 1) Delta-Neutral **Negative funding rate** * **Risk:** In unfavorable market phases, the funding rate on tokens deployed by the vault can turn negative, causing **short-term loss**. Historically, **BTC/ETH** funding can fluctuate **\~5–10%** per year, and **HYPE** can be higher. * **Harmonix mitigation:** Maintain flexible **position sizing**, keep tight **delta-neutral** exposure, and **adjust re-hedge frequency** as funding shifts; rebalance allocations across markets/venues to **reduce time under negative funding**. **Spot–Perpetual spread & slippage** * **Risk:** Price differences between **spot** and **perpetual** and **slippage** on entries/exits can create **short-term unrealized PnL**, especially during **high volatility**. * **Harmonix mitigation:** Optimize **entry/exit** (deployment & unwind), use **smart order routing** to reduce slippage; accept some **temporary PnL** and hold positions long enough to **self-balance** as conditions normalize. **Liquidation risk** * **Risk:** Any leveraged position can face **liquidation** during sharp price moves. * **Harmonix mitigation:** **Rebalancing at safety thresholds** to proactively cut risk before hitting the **liquidation price**; enforce **leverage limits** and monitor **health metrics** in real time. ### 2) Looped Yield (Leverage-and-Borrow) **Short-term Borrow APY spike** * **Risk:** When market liquidity tightens, **Borrow APY** can spike, reducing or turning strategy **PnL negative**. * **Harmonix mitigation:** Maintain **low–moderate leverage** to balance **risk/return**; **actively manage** positions to **de-risk or reallocate** when borrowing costs rise abnormally. **Liquidation risk** * **Risk:** **Supply–borrow–loop** structures inherently face **liquidation** risk. * **Harmonix mitigation:** Set **appropriate leverage**, run **automation jobs** for continuous monitoring and early action; control **oracle risk** by using **vetted oracles** and cross-checks to limit mispricing. #### 3) Pendle Fixed Yield (PT) **Impermanent loss on early exit before maturity** * **Risk:** **PT tokens** deliver **fixed yield**, but **exiting before maturity** can incur **impermanent loss** versus holding to term. * **Harmonix mitigation:** **Right-size PT allocation** in each vault to **minimize early exits**; prefer **tenors** aligned with vault liquidity needs to **avoid realizing IL**. #### 4) Other risks **Smart contract risk** * **Risk:** Contract bugs can lead to loss of funds. * **Harmonix mitigation:** Prioritize **audits** with **Shieldify, Verichain, Zenith**; integrate **Hypernative** for **real-time monitoring**, with the ability to **pause vaults** and trigger incident response on anomalies. **Partners risk** * **Risk:** As a yield protocol, Harmonix integrates with multiple **partners/protocols** (venues, lending, perps, yield). Counterparty issues can affect the vault. * **Harmonix mitigation:** Work with **reputable, risk-vetted partners**; **monitor partner contracts** in real time. On risk signals, **Hypernative** triggers **predefined playbooks** to **avoid/minimize impact**. ### **Risk Matrix** | Risk | Probability | Impact | Mitigation Strategy | | -------------------------------------------- | ----------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Smart Contract Vulnerabilities | Low | High | Conduct thorough smart contract audits, integrate only well-audited protocols (AAVE, GMX), audited, using real-time audit from [Blocksec's Phalcon](https://blocksec.com/phalcon), Community bugs rewards, $1m in **insurance fund**. | | Oracle Manipulation | Low | Medium | Use highly secure and decentralized oracles (e.g., Chainlink); monitor oracle data feeds for anomalies. | | Market Volatility | Medium | Low | Maintain delta-neutral positioning; establish automated monitoring of health factor and leverage levels; use auto-rebalancing tools if available. | | Funding Rate Variability | Low | Medium | Diversify across funding rate opportunities where possible; set limits on dependency on short funding fees to avoid over-reliance on one revenue source. | | Counterparty Risk with Third-Party Protocols | Low | Medium | Use only well-established protocols with a strong track record (AAVE, GMX); monitor protocol updates, governance proposals, and partnership developments for any adverse impacts. | | Collateralization and Liquidation Risks | Low | Medium | Set a minimum health factor threshold (e.g., 1.5); implement automatic system to avoid liquidation. |