This page highlight a non-exhaustive list of identified risks. Please, be aware that interacting with Synthereum and any other protocol carry risks of losing part or all your funds. Only invest using money that you are comfortable with losing.
To interact with the protocol, you may use an interface comprising a front end and a back end that may suffer from a degradation in performance which may result in losses. More specifically, such degradation may:
- slow down the platform or makes it inaccessible;
- display inaccurate and misleading data;
- make performing an operation slower.
If you lose access to your private key or seed phrase or if it becomes compromised, you will permanently lose access to your funds, or your funds could be stolen. When interacting with cryptocurrencies, you safeguard your private keys, seed phrases, or any recovery method. You must be aware of common attacks such as phishing emails, websites or applications, keyloggers, etc.
Trading is a risky activity that can lead to losing all your funds. Trading may also create addiction.
Please consult a professional who might advise you on whether or not trading fits your financial profile and personality.
The Synthereum protocol is a set of smart contracts holding users' and liquidity providers' funds and is secured using Chainlink's oracle.
- smart contracts can carry issues that can be exploited, whether maliciously or by accident, leading to the partial or total loss of your funds;
- you need to authorize a smart contract to interact with your tokens by giving it an allowance; allowance can be given for a specific or unlimited amount; if you were to give an unlimited allowance to a smart contract, and if the latter is being exploited, it could steal the tokens which were given an unlimited allowance.
A security breach or a hack is irreversible. It leads, in most cases, to the total loss of the funds without the possibility of recovering them through legal means or insurance. There cannot be bug-free software despite respecting all the development best practices and running multiple security audits.
Besides technical risks, the way the protocol is designed involves economic risks.
- Suppose the health ratio of all the positions in a pool is under the minimum health ratio. In that case, the virtual liquidity will be zero, and no more jFIATs can be bought through this pool until the situation is resolved. If all the pools providing liquidity to a certain jFIAT become in this situation, this particular jFIAT could no longer be bought through this method. This could complicate arbitrages or liquidations or, under some circumstances, make them impossible. This could impact the stability and liquidity of the jFIATs.
- If the smart contracts or the money market where the jFIATs printed are deposited is exploited, the jFIATs may end up in the circulating supply; in that case, there would be uncollateralized jFIATs in circulation.
- Oracle price updates could be front-run under certain circumstances. This could lead to a malicious actor knowing the future price and performing a profitable trade at the expense of the liquidity providers if the difference between the two prices is bigger than the trading fees.
Synthereum protocol has an emergency shutdown mechanism that can be triggered in case of a security threat. It will liquidate and burn all the jFIATs, whose holders would receive the equivalent in USDC. As a result, this may lead to a partial or total loss of funds and various undesired side effects for contracts holding jFIATs. The emergency shutdown could be triggered in case of a security threat by the Jarvis multi-sig core team. A DAO will replace the latter.
The Synthereum protocol uses Chainlink oracle, which provides on-chain price feeds for executing trades. Chainlink aggregates the prices from multiple data providers and data sources in a decentralized and trustless way to ensure that the prices you are trading at cannot be altered and that the price feed is never down. This enables trust between the counterparties involved in the trade since they are sure that either counterparty cannot manipulate the price feed and that the latter is always accessible.
Chainlink has a proven track record demonstrating that even in cases where the Blockchain was congested, they kept updating the prices successfully and on time. Even though Chainlink is a trusted and battle-tested solution, it cannot guarantee that no issue causing users to lose funds will not happen.
- Because transactions on a Blockchain are not instant, it is possible that the price changes between the time a trade is requested and the time it is executed, causing the user to trade at a better or worse price. This is called slippage.
- On-chain price feeds are not in real-time. They are updated every time the underlying asset's price moves by a certain threshold (0.1% for most jFIATs). It means that users may be unable to trade at the real market price, which in some cases may prevent them from buying, selling, or exchanging at a more favorable price.
- On-chain price feeds are updated when the underlying market price moves by at least the threshold. The difference between two price updates can be way more important than the threshold. This could lead to a malicious actor trying to front-run the oracle price update or prevent users from transacting at a better price.
- On-chain price feeds require a transaction on the Blockchain to update the price. When the network is congested, these updates could take longer to complete, which may prevent users from buying, selling, or exchanging at the most up-to-date prices.
- On-chain price feeds can accidentally or maliciously provide an incorrect price, which in some cases could occur losses to the users, the liquidity providers, or the protocol.
The collateral of the jFIATs minted through Liquidity Pools, Credit Lines, or Wrappers is deposited within Aave v3. This creates two main risks:
- Suppose most of the assets deposited by Synthereum in Aave are borrowed (liquidity crisis due to over demand or to a bank run). In that case, it could make redeeming jFIATs for their collateral impossible. The total amount of collateral that can be redeemed is limited to the total liquidity available on Aave v3 for this collateral.
- In the case the Aave protocol is exploited, the collateral behind each jFIAT could be stolen, leaving jFIAT without any collateral or with partial collateral.
jFIATs are mainly backed by fiat-backed stablecoins (USDC, BUSD, EURe, etc.). These stablecoins are issued by regulated entities in the US or Europe and therefore carry regulatory and censorship risks. For example, Circle, the company issuing USDC, could decide or be forced to blacklist Synthereum’s contract, making minting and redeeming impossible and therefore causing the value of jFIATs to drop to 0.
In addition to these risks, each collateral carries its own risk.
USDC and BUSD are not fully collateralized by US dollars but rather by a mix between US dollars (cash deposit) and US treasury bills. Each month, Circle publishes a monthly attestation on its website stating that the value of the collateral exceeds the value of the USDC in circulation and a monthly reserve report to share the allocation of the collateral. Paxos is also publishing a monthly attestation on its website.
For example, as of August 2022, Circle announces that USDC is backed at 22% by cash and cash equivalent, the rest being comprised of Certificates of Deposit issued by non-U.S banks, U.S. Treasuries, commercial paper, and municipal and corporate bonds. If USDC's collateral happens to be worth less than a dollar, it could cause the value of jFIATs to drop.
Fiat-backed stablecoins have been chosen as they provide the deepest liquidity and the most robust peg to the dollar. USDC and BUSD have been chosen for their liquidity over other audited fiat-backed stablecoins. Fiat-backed stablecoins have been selected over decentralized stablecoins as it is easier to anticipate their regulatory and centralization risks than the technical and systemic ones that decentralized stablecoins carry. However, the goal of Synthereum is to be fully decentralized; therefore, USDC may eventually be replaced by a more censorship-resistant stablecoin.
Synthereum is deployed on Ethereum, Avalanche, Gnosis Chain, and Polygon. These networks can be congested, which could make it hard to perform a transaction on time. This could occur a loss to users.
Polygon Network is an EVM-compatible sidechain in the process of progressive decentralization. As of now, it is secured by a multi-signature setup which carries several risks:
- there is no way to know if different persons hold the keys;
- there is no way to know if the keys have not been compromised or shared;
- keys holder(s) could decide, or could be forced to, access to all funds of the network and can bypass the security of the Polygon consensus mechanism to move back funds to Ethereum.