Skip to main content
Avana icon

Contracts & Security

Security reference for the smart contract surfaces and external dependencies behind LP-backed lending.

Overview

Avana expands lending into LP collateral, which means security is not only about code correctness. It is also about how pricing, custody, liquidation, and governance work together under stress.

The protocol therefore treats smart contract review, economic review, and operational review as one security surface rather than as isolated checklists.

Security Challenges

  • • LP positions have path-dependent value and often require venue-specific custody and unwind logic.
  • • Oracle misuse or stale pricing can become an economic exploit even when contracts behave exactly as coded.
  • • Governance, parameter control, and emergency response are part of the real attack surface.

Multi-Layer Security

Contract review

Core contract surfaces, adapters, and privileged control paths should be reviewed before new LP families or execution paths are enabled.

Economic stress testing

The protocol should test market shocks, oracle edge cases, and liquidation routing failures, not just contract-level unit behavior.

External review channels

Formal audits and the Bug Bounty program should reinforce one another rather than operate as isolated checkboxes.

Core Contract Surfaces

Borrow Spoke logic

Handles collateral admission, user accounting, and the spoke-side lifecycle for LP-backed loans.

Hub integration

Connects spoke-level borrowing capacity to shared credit and liquidity constraints in the Hub layer.

Oracle and valuation adapters

Translate LP positions into conservative collateral values using external prices, position reconstruction, and recoverable-value assumptions.

Liquidation execution layer

Coordinates unwind paths, fee realization, routing, and settlement when an unhealthy account must be closed or resized.

Trust Boundaries

  • • Onchain accounting and liquidation settlement should be deterministic once triggered.
  • • Oracle sources, venue adapters, and operational liquidator infrastructure are external dependencies and must be monitored as such.
  • • Governance, pause authority, and upgrades are privileged powers that should remain bounded, reviewable, and timelocked wherever possible.

Audit Readiness

This page intentionally avoids publishing speculative auditor schedules or placeholder milestones. Audit reports, scopes, and remediation notes should be published once they are real and reviewable.

The highest-value audit targets are usually new LP-family support, new liquidation paths, new oracle models, and any change that expands privileged control or the recoverable-value assumptions used by the protocol.