Security Model

SoulPeg's security strategy combines protocol-level constraints with carefully vetted integrations. The protocol keeps its trust assumptions minimal and its rules enforceable on-chain, and integrates with Venus Protocol for sustainable yield generation.

Core Security Principles

Minimal Attack Surface

The protocol deliberately excludes high-risk features:

  • Price oracles (except Venus's internal ones)
  • Rebase mechanics
  • Automated liquidity balancing
  • Cross-chain bridges
  • Complex DeFi composability

Vetted Integration: Venus Protocol

The only external protocol integration is with Venus Protocol, chosen for:

  • Battle-tested: Operating since 2020 with >$1B TVL
  • Audited: Multiple audits by leading security firms
  • Isolated: Integration limited to USDC lending only
  • Transparent: All rates and operations verifiable on-chain

Permissioned Minting and Transfers

All sUSDC minting flows (depositAndMint, rewardMint) are gated behind onlyOwner. Transfers are restricted by soulbound enforcement: a transfer succeeds only when it is explicitly permitted by the holder's lock status or by the DEX whitelist.

Manual Unlocking

There is no automatic transition from locked to unlocked. Users must manually call unlock() after their lock expires, ensuring conscious action before transfer is allowed. Admins may call adminUnlock() only in exceptional cases.
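The following contract is an added illustration of the two rules above (owner-gated minting, and transfers that are blocked until the holder explicitly calls unlock() or the transfer is covered by the DEX whitelist). It is not SoulPeg's code. It assumes OpenZeppelin Contracts v5 (the ERC20._update hook and the Ownable(initialOwner) constructor); the names lockedUntil, unlocked, dexWhitelist, setDexWhitelist and the Unlocked event are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not SoulPeg's contract. Assumes OpenZeppelin Contracts v5.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

contract SoulboundExample is ERC20, Ownable {
    // Timestamp after which a holder may call unlock(); 0 means never locked.
    mapping(address => uint256) public lockedUntil;
    // Flipped only by an explicit unlock() or adminUnlock() call, never by time alone.
    mapping(address => bool) public unlocked;
    // Assumed name: recipients (DEX pools/routers) that may receive tokens without an unlock.
    mapping(address => bool) public dexWhitelist;

    event Unlocked(address indexed account, bool byAdmin);

    constructor() ERC20("sUSDC example", "sUSDC") Ownable(msg.sender) {}

    // Minting is owner-gated, as the page states for depositAndMint/rewardMint.
    function depositAndMint(address to, uint256 amount, uint256 lockDuration) external onlyOwner {
        lockedUntil[to] = block.timestamp + lockDuration;
        unlocked[to] = false; // a fresh deposit re-locks the holder (simplification)
        _mint(to, amount);
    }

    // The holder must act: expiry of the lock alone changes no state.
    function unlock() external {
        require(lockedUntil[msg.sender] != 0, "never locked");
        require(block.timestamp >= lockedUntil[msg.sender], "lock active");
        unlocked[msg.sender] = true;
        emit Unlocked(msg.sender, false);
    }

    // Exceptional path, owner only; the event makes every use auditable on-chain.
    function adminUnlock(address account) external onlyOwner {
        unlocked[account] = true;
        emit Unlocked(account, true);
    }

    function setDexWhitelist(address dex, bool allowed) external onlyOwner {
        dexWhitelist[dex] = allowed;
    }

    // In OZ v5 every balance change (mint, burn, transfer) passes through _update,
    // so transfer() and transferFrom() cannot bypass the gate.
    function _update(address from, address to, uint256 value) internal override {
        // Mints (from == 0) and burns (to == 0) are not holder-to-holder transfers.
        if (from != address(0) && to != address(0)) {
            require(unlocked[from] || dexWhitelist[to], "soulbound: transfer not permitted");
        }
        super._update(from, to, value);
    }
}
```

Placing the check in _update rather than in transfer() is the point of the example: an approval-based transferFrom path, or any future transfer entry point, inherits the same rule. A monitor watching Unlocked events with byAdmin == true gets a direct signal of how often the exceptional adminUnlock() path is used.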

Daily Limits

Two daily counters (DAILY_DEPOSIT_LIMIT, DAILY_MINT_LIMIT) cap the amount that can be deposited or minted in a 24-hour window, so large-scale minting or flooding cannot occur even if admin keys are compromised. This rate limiting throttles economic and governance-based attacks.
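An added example of how such counters can be enforced so that they bind the owner as well (not SoulPeg's implementation; it assumes OpenZeppelin Contracts v5 and uses constructed limit values in assumed 6-decimal USDC and 18-decimal sUSDC units). The counters here are keyed by calendar day (block.timestamp / 1 days), which is a common simplification of a "24-hour window": two full-cap days back to back can still move up to twice the cap within 24 hours across the day boundary, so the constants should be sized with that in mind.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not SoulPeg's contract. Assumes OpenZeppelin Contracts v5.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

contract DailyLimitExample is Ownable {
    // Constants, not storage: a compromised owner key cannot raise them.
    // Constructed values for the example (assumed 6-decimal USDC, 18-decimal sUSDC).
    uint256 public constant DAILY_DEPOSIT_LIMIT = 1_000_000e6;
    uint256 public constant DAILY_MINT_LIMIT = 1_000_000e18;

    // One counter per calendar day, keyed by block.timestamp / 1 days.
    mapping(uint256 => uint256) public depositedOnDay;
    mapping(uint256 => uint256) public mintedOnDay;

    event LimitConsumed(string counter, uint256 indexed day, uint256 used, uint256 cap);

    constructor() Ownable(msg.sender) {}

    function currentDay() public view returns (uint256) {
        return block.timestamp / 1 days;
    }

    // Checks and consumes allowance atomically: an over-limit call reverts
    // entirely instead of partially filling.
    function _consume(
        mapping(uint256 => uint256) storage counter,
        uint256 amount,
        uint256 cap,
        string memory name
    ) internal {
        uint256 day = currentDay();
        uint256 used = counter[day] + amount;
        require(used <= cap, "daily limit exceeded");
        counter[day] = used;
        emit LimitConsumed(name, day, used, cap);
    }

    // Still onlyOwner, but the caps apply to the owner's calls too.
    function depositAndMint(uint256 usdcAmount, uint256 susdcAmount) external onlyOwner {
        _consume(depositedOnDay, usdcAmount, DAILY_DEPOSIT_LIMIT, "deposit");
        _consume(mintedOnDay, susdcAmount, DAILY_MINT_LIMIT, "mint");
        // Pulling USDC, routing it to the strategy and minting sUSDC would follow here.
    }

    // Headroom left today; cannot underflow because counters never exceed their cap.
    function remainingDepositToday() external view returns (uint256) {
        return DAILY_DEPOSIT_LIMIT - depositedOnDay[currentDay()];
    }

    function remainingMintToday() external view returns (uint256) {
        return DAILY_MINT_LIMIT - mintedOnDay[currentDay()];
    }
}
```

The LimitConsumed event gives an off-chain monitor a per-day "used versus cap" reading; an alert on used approaching cap early in the day is a cheap early-warning signal for key compromise or a runaway integration.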

Emergency Controls

The protocol includes:

  • pause() and unpause() to stop minting and redeem flows
  • emergencyWithdrawUSDC() to evacuate capital from the contract
  • recoverToken() to reclaim non-sUSDC tokens sent by mistake
  • maintenanceOperation() for KYC-verified emergency recovery (V4)

These controls are owner-only and are expected to be governed by a multisig, with a timelock as a possible extension.

Maintenance Operation (V4)

StakeableAssetImplV4 introduces a critical safety feature for emergency scenarios:

function maintenanceOperation(
    address from,           // account whose funds are being recovered
    address to,             // verified recipient of the recovered funds
    uint256 amount,
    string calldata reason  // recorded on-chain for the audit trail
) external onlyOperatorOrOwner nonReentrant

Purpose: Recover funds in verified emergency situations such as:

  • Lost private keys with KYC verification
  • Court-ordered fund recovery
  • Compromised accounts (phishing victims)

Security Measures:

  • Requires the user's prior USDC approval to the contract
  • Restricted to OPERATOR_ROLE or owner
  • Full on-chain audit trail with reason
  • KYC verification required off-chain
  • Multi-signature approval for large amounts
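An added example showing how the measures listed above fit together in one function body: the prior-approval requirement (a transferFrom that reverts without the user's allowance), the OPERATOR_ROLE-or-owner gate, the on-chain reason, and a threshold above which a lone operator key cannot act. This is not StakeableAssetImplV4's code. It assumes OpenZeppelin Contracts v5; the asset address, the largeAmount threshold, the MaintenanceOperation event and the use of DEFAULT_ADMIN_ROLE to stand in for "owner" (expected to be a multisig) are assumptions of the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumes OpenZeppelin Contracts v5.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract MaintenanceExample is AccessControl, ReentrancyGuard {
    using SafeERC20 for IERC20;

    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");
    // Assumed: the USDC token the page says the user must have approved.
    IERC20 public immutable asset;
    // Assumed threshold: recoveries at or above it require the owner (multisig), not an operator.
    uint256 public immutable largeAmount;

    // Indexed fields let monitors filter by operator, source or recipient;
    // the reason string is the human-readable audit trail.
    event MaintenanceOperation(
        address indexed operator, address indexed from, address indexed to, uint256 amount, string reason
    );

    constructor(IERC20 asset_, uint256 largeAmount_) {
        asset = asset_;
        largeAmount = largeAmount_;
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender); // stands in for "owner"
    }

    modifier onlyOperatorOrOwner() {
        require(
            hasRole(OPERATOR_ROLE, msg.sender) || hasRole(DEFAULT_ADMIN_ROLE, msg.sender),
            "not operator or owner"
        );
        _;
    }

    function maintenanceOperation(address from, address to, uint256 amount, string calldata reason)
        external
        onlyOperatorOrOwner
        nonReentrant
    {
        require(to != address(0), "zero recipient");
        require(bytes(reason).length != 0, "reason required");
        // Large recoveries cannot be executed by a single operator key.
        if (amount >= largeAmount) {
            require(hasRole(DEFAULT_ADMIN_ROLE, msg.sender), "large amount: owner only");
        }
        // The user's earlier approve() is the consent boundary: without it the
        // transfer reverts and no operator can move the funds.
        require(asset.allowance(from, address(this)) >= amount, "no prior approval");
        asset.safeTransferFrom(from, to, amount);
        emit MaintenanceOperation(msg.sender, from, to, amount, reason);
    }
}
```

KYC verification happens off-chain, so the contract cannot check it; what it can do is make every use of the path attributable (who, from, to, how much, why) and keep the high-value path behind the multisig, which is what the example enforces.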

Event Logging and Transparency

All sensitive operations emit events. This enables:

  • Real-time monitoring
  • Analytics dashboard integration
  • On-chain forensics and community auditing

Venus Protocol Risk Mitigation

Smart Contract Risk

  • Risk: Venus Protocol smart contract vulnerabilities
  • Mitigation:
    • Venus has been audited multiple times
    • Operating safely since 2020
    • Only using core lending functionality
    • Emergency withdrawal mechanisms in place

Interest Rate Risk

  • Risk: Variable Venus APY could decrease
  • Mitigation:
    • Transparent rate display in UI
    • No promises of fixed yields
    • Additional governance rewards possible
    • Users can withdraw anytime after unlock

Liquidation Risk

  • Risk: None - SoulPeg only supplies, never borrows
  • Mitigation: Single-sided lending has no liquidation risk

Integration Risk

  • Risk: Issues with Venus integration
  • Mitigation:
    • StrategyRouter can redirect funds if needed
    • Owner can pause deposits
    • Emergency USDC recovery functions
    • Modular design allows strategy changes

SPUSD Security Considerations

Wrapper Contract Security

The StUSDCWrapper contract implements multiple security measures:

  • Immutable Design: No admin functions to drain funds
  • Reentrancy Protection: Guards on wrap/unwrap operations
  • Lock Enforcement: Prevents unwrapping of vested tokens
  • Role-Based Access: Only authorized addresses can lock tokens
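An added example of a wrapper with those four properties (not the StUSDCWrapper contract itself; it assumes OpenZeppelin Contracts v5, and the LOCKER_ROLE name, the lockedAmount/lockedUntil fields and the isFullyBacked view are assumptions of the example). No admin role is ever granted and there is no sweep function, so the only way underlying tokens leave the contract is unwrap() against burned SPUSD.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's wrapper. Assumes OpenZeppelin Contracts v5.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract WrapperExample is ERC20, AccessControl, ReentrancyGuard {
    using SafeERC20 for IERC20;

    bytes32 public constant LOCKER_ROLE = keccak256("LOCKER_ROLE"); // assumed name
    IERC20 public immutable underlying; // the sUSDC being wrapped
    // Vested (locked) SPUSD per holder and the time the lock ends.
    mapping(address => uint256) public lockedAmount;
    mapping(address => uint256) public lockedUntil;

    event Locked(address indexed account, uint256 amount, uint256 until);

    constructor(IERC20 underlying_, address locker) ERC20("SPUSD example", "SPUSD") {
        underlying = underlying_;
        _grantRole(LOCKER_ROLE, locker);
        // Deliberately no DEFAULT_ADMIN_ROLE holder: roles are fixed at deployment
        // and there is no function that can move `underlying` except unwrap().
    }

    // 1:1 backing: every SPUSD minted is matched by sUSDC pulled into the contract.
    function wrap(uint256 amount) external nonReentrant {
        underlying.safeTransferFrom(msg.sender, address(this), amount);
        _mint(msg.sender, amount);
    }

    // Burn first (effects), then send (interaction); nonReentrant guards the call out.
    function unwrap(uint256 amount) external nonReentrant {
        _burn(msg.sender, amount); // _update below rejects burning locked tokens
        underlying.safeTransfer(msg.sender, amount);
    }

    // Portion of a holder's balance that is not under an active vesting lock.
    function unlockedBalance(address account) public view returns (uint256) {
        uint256 locked = block.timestamp < lockedUntil[account] ? lockedAmount[account] : 0;
        uint256 bal = balanceOf(account);
        return bal > locked ? bal - locked : 0;
    }

    // Only the locker role may place a lock; the lock can never exceed the balance.
    function lock(address account, uint256 amount, uint256 until) external onlyRole(LOCKER_ROLE) {
        require(amount <= balanceOf(account), "lock exceeds balance");
        lockedAmount[account] = amount;
        lockedUntil[account] = until;
        emit Locked(account, amount, until);
    }

    // Locked tokens can neither be unwrapped (burned) nor transferred to another
    // address that could unwrap them; the check sits on every outgoing movement.
    function _update(address from, address to, uint256 value) internal override {
        if (from != address(0)) {
            require(value <= unlockedBalance(from), "locked tokens");
        }
        super._update(from, to, value);
    }

    // Invariant any watcher can poll: SPUSD supply never exceeds sUSDC held.
    function isFullyBacked() external view returns (bool) {
        return underlying.balanceOf(address(this)) >= totalSupply();
    }
}
```

The lock check is placed in _update rather than only in unwrap() on purpose: enforcing it solely at unwrap would let a holder transfer vested tokens to a second address and unwrap them there. isFullyBacked() is the one-line invariant a dashboard or forensic script should watch; it must never return false.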

Economic Security

SPUSD maintains its peg through:

  • 1:1 Backing: Every SPUSD backed by exactly 1 sUSDC
  • Arbitrage Mechanisms: Natural peg maintenance through trading
  • No Algorithmic Risk: Simple mint/burn model
  • Deep Liquidity: Protocol and user-provided liquidity pools

Security Architecture Layers

1. Token Contract (StakeableAssetImpl)

  • Upgradeable proxy pattern for fixes
  • Role-based access control
  • Reentrancy guards on all external calls
  • Pause mechanism for emergencies
  • V4: maintenanceOperation for emergency recovery

2. Strategy Router

  • Owner-controlled strategy management
  • Weight-based allocation system
  • No user funds held directly
  • Clear separation of concerns

3. Venus Vault (VenusUSDCVault)

  • ERC-4626 standard implementation
  • Minimal, auditable code
  • No additional logic beyond Venus interaction
  • Clear asset/share accounting

Summary

SoulPeg's security model balances the benefits of DeFi yield generation with robust risk controls. By limiting external integrations to battle-tested protocols like Venus, implementing multiple security layers, and maintaining emergency controls, the protocol provides sustainable yields while prioritizing user fund safety. The constrained design and explicit controls make the protocol resilient against both technical and economic attacks.