# Trust and Safety At Leverage.art, the safety of our users is our top priority. We employ industry-leading security measures to ensure that your data, assets, and personal information are always protected. **Key Safety Features:** {% tabs %} {% tab title="Liquidations" %} * **Margin & Liquidation logic**: ensuring maintenance margin thresholds, partial liquidation flows, and penalty enforcement work without exploits (e.g., griefing liquidations, undercollateralization). * **Oracle integration**: verifying median-of-medians aggregation, outlier filtering, clamp rules, and pause mechanisms for oracle degradation. * **Funding mechanism**: validating skew-based and volatility-adjusted funding to avoid manipulation. * **Vault contracts (ERC-4626)**: securing P2P LP deposits, reward distribution, and ensuring no re-entrancy or withdrawal manipulation. * **Best Practices** * **Third-party audits** by reputable firms with DeFi/NFT perp experience. * **Continuous auditing**: not just pre-launch, but with regular reviews after major updates. * **Bug bounty program**: incentivize white-hat disclosure of edge cases. * **Formal verification** (if feasible) of liquidation and funding settlement routines. This ensures user trust in high-leverage markets where even small vulnerabilities can cascade into systemic losses. {% endtab %} {% tab title="Security " %} Fund custody and protocol upgrades are controlled through multi-signature wallets. * **Operational Security** * **Treasury management**: protocol funds (fees, LP vault reserves, insurance fund) live in multi-sig wallets requiring approval from multiple signers before movement. * **Upgrade control**: any parameter changes (e.g., leverage caps, funding rate adjustments, oracle configs) pass through multi-sig approval, reducing single-actor risks. * **Implementation on Base ETH** * **Gnosis Safe (or Safe{Wallet})** is the industry standard and natively supports Base. * Suggested config: **3-of-5** or **4-of-7** signatures, mixing internal team, trusted external advisors, and possibly DAO/community reps in the long term. * **Timelock governance** can layer on top: upgrade transactions are queued before execution, giving users time to react. This provides resilience against compromised keys or rogue actors while maintaining operational agility. {% endtab %} {% tab title="Trading" %} ### Secure Trading Channels High-leverage NFT perp markets need reliable trade execution without exposing users to exploits. * **Execution Layer** * **Encrypted relayers**: Trades sent from user clients to execution engines (or intents) use TLS-encrypted channels to prevent interception or tampering. * **MEV protection**: minimize front-running and sandwich attacks by leveraging private order flow solutions (e.g., Flashbots Protect, CoW Protocol intent routing) when routing to onchain pools. * **On-chain settlement**: all trades are ultimately verified and settled via smart contracts on Base, ensuring transparency and immutability. * **Oracle Protection** * Since NFT floors are noisy, secure transmission of Chainlink feeds, OpenSea API data, and AMM TWAPs is critical. * Your **median-of-medians with clamping** already acts as an anti-manipulation guardrail; audits should verify integrity of data handling and fallback logic. * **User Safeguards** * **Session key trading**: allow short-lived, scoped keys for trading without exposing primary wallet keys. * **Two-factor confirmations**: optional for large trades or withdrawals. Together, this builds a secure execution environment that defends against both protocol-level exploits and user-targeted attack vectors. {% endtab %} {% endtabs %}