SECURITY
This document outlines essential security information and best practices for interacting with our staking pool and related services. We are committed to providing a secure environment for our users through audits, ongoing bug bounties, security precautions, and continuous monitoring of our systems.
Our goal is to empower users with the knowledge and tools needed to protect themselves against potential threats and ensure a safe and trustworthy experience.
Please take the time to read through the following sections carefully. Your awareness and actions play a crucial role in maintaining the security of your investments and the integrity of the platform.
User Security Recommendations
Secure Your Wallet
Make sure you always keep access to the wallet you use to deposit. It is the only wallet that is allowed to withdraw from the pool. Use a Universal Profile that has 2FA and/or third-party recovery enabled, or connect a fresh Ledger account to your MetaMask to deposit.
Beware of Scams
We will not email or DM you, and we will never ask you to send us funds or share sensitive data with us. If you have any problems you can reach us in the following ways:
If we make an announcement, it will be on our official channels. Always double-check that the URL of the website you are visiting is on the stakingverse.io domain and that it is the correct one.
Multiple Security Audits
Stakingverse has undergone multiple security audits by leading blockchain security firms:
- Extropy - Audit of both StakingverseVault.sol and Liquid Staking contracts
- Enigma Ventures - Audit of the Liquid Staking contracts
- MiloTruck - Audit of both StakingverseVault.sol and Liquid Staking contracts
Previous audits for the original Vault contract can be found in the UniversalPage contracts repository.
Risks
There are potential risks associated with interacting with decentralized smart contracts. Here are some of the most common problems and what we have done to prevent them from ever happening.
Smart Contract Risks
All of our smart contracts are written by our team and multiple audits have been done by our team and external auditors.
However, an audit does not guarantee absolute security. Audits vary in quality, and even comprehensive audits can miss subtle vulnerabilities or fail to predict how complex interactions with other contracts could lead to issues.
Oracle Failures/Hacks
Smart contracts often rely on oracles to fetch external data (e.g., asset prices). If an oracle provides incorrect data, it can lead to unintended contract behavior, including loss of funds. Our Oracle has been completely redesigned to reduce this risk as much as possible.
The Stakingverse oracles run independently of the Staking Pool, and the rewards and funds are distributed directly from the beacon chain to the pool's smart contract; the Oracle doesn't have any access to the funds. So even if there is an error in the Oracle or it gets hacked, the funds in the pool remain safe.
This mitigates one of the biggest risks of staking protocols.
Slashing
If a validator misbehaves, it can be slashed. This means that the validator will lose some of its LYX. The pool is operated by Stakingverse and is not likely to be slashed. However, if the Stakingverse validator is slashed, the stakers will lose some of their LYX.
We took a lot of precautions to prevent this from ever happening.
Wrongly Deposited Validator Data/Invalid Deposits
Even though this problem is not really common, it happened on the LUKSO network in the early days, and we want to mention what we have done to prevent it from happening. Before our Oracle is able to register a new validator, it will check all variables in the deposit_data.json before the Vault is able to deposit a new validator to the LUKSO Validator Deposit contract.
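An added example of such a pre-deposit check, not Stakingverse's own code (the page does not list which fields its Oracle checks). It assumes the field layout written by the Ethereum staking-deposit-cli, a 32-coin deposit, and an expected withdrawal-credentials value supplied by the caller; `EXPECTED_WC` and the sample entry are constructed values.

```python
import hashlib

DEPOSIT_GWEI = 32 * 10**9  # assumption: full 32-coin deposits only
ZERO32 = bytes(32)
# Constructed value: 0x01 prefix, 11 zero bytes, then a dummy 20-byte address.
EXPECTED_WC = bytes.fromhex("01" + "00" * 11 + "11" * 20)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def roots(pubkey: bytes, wc: bytes, amount: int, sig: bytes):
    """SSZ hash-tree-roots of DepositMessage and DepositData."""
    pubkey_root = h(pubkey + bytes(16))                 # Bytes48 -> 2 chunks
    sig_root = h(h(sig[:64]) + h(sig[64:] + ZERO32))    # Bytes96 -> 4 chunks
    amount_chunk = amount.to_bytes(8, "little") + bytes(24)
    left = h(pubkey_root + wc)
    return h(left + h(amount_chunk + ZERO32)), h(left + h(amount_chunk + sig_root))

def check_entry(entry: dict, expected_wc: bytes = EXPECTED_WC) -> list:
    """Return the problems found; an empty list means the entry is consistent.
    The BLS signature itself is not verified here."""
    try:
        pubkey = bytes.fromhex(entry["pubkey"])
        wc = bytes.fromhex(entry["withdrawal_credentials"])
        sig = bytes.fromhex(entry["signature"])
        amount = int(entry["amount"])
        claimed = (bytes.fromhex(entry["deposit_message_root"]),
                   bytes.fromhex(entry["deposit_data_root"]))
    except (KeyError, ValueError, TypeError) as exc:
        return [f"malformed entry: {exc!r}"]
    if (len(pubkey), len(wc), len(sig)) != (48, 32, 96) or not 0 <= amount < 2**64:
        return ["wrong field length or amount outside uint64"]
    problems = []
    if wc != expected_wc:
        problems.append("withdrawal credentials differ from the expected value")
    if amount != DEPOSIT_GWEI:
        problems.append("unexpected deposit amount")
    if roots(pubkey, wc, amount, sig) != claimed:
        problems.append("root mismatch: stored roots do not match the fields")
    return problems

def constructed_entry(wc: bytes = EXPECTED_WC) -> dict:
    """Constructed sample, not a real validator: dummy key and signature bytes."""
    pubkey, sig = b"\xaa" * 48, b"\xbb" * 96
    msg_root, data_root = roots(pubkey, wc, DEPOSIT_GWEI, sig)
    return {"pubkey": pubkey.hex(), "withdrawal_credentials": wc.hex(),
            "amount": DEPOSIT_GWEI, "signature": sig.hex(),
            "deposit_message_root": msg_root.hex(), "deposit_data_root": data_root.hex()}
```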
Disclaimer
We take every precaution to ensure the safety of our customers, but as you can see, there is always a chance that something can go wrong. We will always do our best for our customers, but it is important that you read our full Terms of Service to understand your rights and responsibilities when using our platform.