Security, Audit & Risk Framework

LiquidBots is built to control capital - and that demands infrastructure-level trust.

The protocol handles automated execution, vault custody, and real trading flows. That means security isn’t an audit badge - it’s an operational doctrine.

Smart Contract Security

Development Principles

  • All core modules (vaults, bot logic, strategy engine) written in battle-tested Solidity

  • Modular upgradable design using proxy architecture (ERC1967 or Diamond standard)

  • Extensive use of open-source primitives (OpenZeppelin, PRBMath, SafeERC20)

  • Gas attack-resistant execution functions (guarded writes, dynamic slippage control)

Contract Classes

| Contract Type | Status | Description |
|---|---|---|
| GridBotEngine | Audited (Planned) | Core range execution logic |
| DCAManager | Audited (Planned) | Time-based entry logic |
| VaultFactory | Audited (Planned) | Creates vaults with strategy templates |
| VaultProxy | Audited (Planned) | Upgradable vault wrapper |
| TokenManager | Internal Review | LBOT/escrow/staking contract set |
| Router + VaultRouter | Audited (Planned) | Revenue routing, PnL flows |

Audit Partners (Planned)

  • Zokyo, Zellic, Spearbit, or Code4rena (TBD based on funding)

  • Minimum of 1 full audit before mainnet vault deployment

  • Public audit reports will be posted in GitBook & GitHub

Strategy Risk Management

| Layer | Control Mechanism |
|---|---|
| Max Position Size | Per vault cap (soft + hard), enforced on-chain |
| Drawdown Limits | Vault logic halts execution if max DD% hit |
| Funding Risk Controls | Arb + Grid strategies adapt to FR changes or pause if negative spread |
| Oracle Protection | Multi-oracle feeds (Pyth, Chainlink, fallback native DEX oracles) |
| Auto Liquidation Throttle | Configurable per vault to avoid cascading risk |
| Whitelisting (Phase 1) | Strategists gated by esLBOT stake + DAO vote |

Operational Security

  • All admin functions gated behind 3/5 multisig (core + external signers)

  • Full audit trail of contract upgrades and revenue flows via public subgraph

  • Vault creation gated via VaultFactory + Registry, preventing rogue vaults

  • Emergency “pause” hooks built into each critical contract (vaults, routers, bot logic)

  • Redundant bot execution relays with permission controls (for Telegram/API interfaces)

Economic Risk Mitigation

  • Insurance Fund (allocated % of protocol revenue)

    → Backstops vaults in the event of execution failure, oracle faults, or abnormal slippage losses.

  • No direct revenue-sharing with LBOT holders

    → All value routed through esLBOT staking or token accumulation to avoid security classification.

  • No protocol-level leverage

    → Strategies operate on isolated vault capital with no protocol-wide margin exposure.

  • Zero mint function on token contract

    → Supply is hard-capped at 1,000,000,000 LBOT - no inflation risk.

Audit & Bounty Commitment

  • Audit 1: Post-finalization of vault logic and routers

  • Audit 2 (TBA): Post-public testnet + strategy templates

  • Immunefi-style bug bounty program (live post-mainnet), tiered by impact, distributed in a mix of stables & escrowed tokens:

    • Critical: up to $15k

    • High: $10k

    • Medium: $5k

LiquidBots is built to control capital, not just route it — and that means every vault, every contract, and every dollar must be protected by design, not hope.

Security is the alpha.
