Last Updated: 1st Sep. 2023

StakeStone is an innovative system that combines multiple DeFi protocols and assets, aiming to provide users with a one-stop staking experience with optimized risk-adjusted staking yields. It also offers a better yield-bearing asset option for developers. However, despite our best efforts, there are inherent risks associated with StakeStone, including vulnerabilities related to smart contracts, market dynamics, and third-party assets and protocols. These vulnerabilities may be exploited and pose potential risks to StakeStone users.

We believe it is essential to summarize the potential risks that users may encounter when using StakeStone. We also encourage you to explore additional potential risk factors and make decisions on whether and how to use StakeStone based on your own assessment and risk tolerance. StakeStone Protocol will not assume responsibility for any fund losses, regardless of the circumstances.

The list of risks outlined below is not exhaustive, as specific risk factors can change over time with evolving market conditions and industry developments. Therefore, we will periodically update this risk summary. Using a StakeStone product indicates that you have read and accept all risks associated with the StakeStone product, including but not limited to those described herein.

SMART CONTRACT RISKS

Smart contract risk is one of the primary threats faced by DeFi, and while StakeStone's contracts undergo audits by well-respected and professional auditors and are open source, it's crucial to acknowledge that no contract can ever be completely risk-free. Despite our best intentions to prioritize user safety and multiple rounds of testing before release, there may still be potential vulnerabilities or logic errors that could be exploited, resulting in the loss of user funds.

To keep pace with the rapid changes in the market and technology and to ensure the security of user assets and the competitiveness of our product, the StakeStone team may make adjustments to certain parameters and settings within the contract or update the code. By using StakeStone, you agree to assume these risks and accept any changes the team may implement in the contract.

StakeStone has plans to introduce additional audits in the future and undergo further institutional-level scrutiny to minimize this risk as much as possible. We also strongly recommend that you gain a comprehensive understanding of the various risks associated with smart contracts.

Audit Report: hub.com/Secure3Audit/Secure3Academy/blob/main/audit_reports/StakeStone/StakeStone_final_Secure3_Audit_Report.pdf

DEFI COMPOSABILITY RISKS (THIRD-PARTY PROTOCOLS AND PLATFORMS)

The ability to combine multiple protocols, like building with LEGO blocks, to provide users with higher yields and a more convenient experience is one of the charms of DeFi. StakeStone, based on various reputable protocols, aims to offer users more competitive yields. However, stacking multiple DeFi protocols also increases the complexity of the code and system, leading to greater risks. Additionally, connecting to multiple protocols can expose StakeStone to market risks, DAO governance risks, mechanism risks, oracle risks, and other potential issues that may affect the StakeStone protocol. Any problems with the protocols that StakeStone relies on could potentially result in losses for StakeStone users.

While StakeStone supports only well-established, battle-tested protocols that have managed substantial assets and performed well during crises, it is impossible to guarantee that all the protocols integrated into StakeStone will always function as intended. Therefore, we strongly recommend that users gain a better understanding of the protocols currently supported by StakeStone, including Lido, Rocket Pool, Balancer, Aura, and Maverick, and evaluate the risks associated with interacting with these protocols based on your personal preferences.

In the future, StakeStone may become compatible with additional blue-chip DeFi protocols. The addition of any new protocols will be proposed on-chain, publicly disclosed during a time lock period, and subject to open voting by STONE holders before implementation. All proposals will be announced, and we encourage you to set reminders to independently monitor the operation of StakeStone and exercise your rights as an STONE holder in a decentralized manner.

UNDERLYING ASSET RISKS

The value of ETH and STONE minted in StakeStone is backed by a basket of underlying assets, including various LSTs (such as wstETH, rETH, frxETH) and DEX’s LP tokens. These assets are known for their strong performance and adequate liquidity. However, it's essential to be aware that each underlying asset carries counterparty risk. When these underlying assets experience significant changes, including but not limited to price decoupling, issues with operating organizations, or severe slashing, the value of STONE can also be affected.

To protect user assets in the event of extreme situations involving the underlying assets, StakeStone's contract includes an emergency rebalancing feature. This feature allows for the swapping of such assets for ETH and returning them to the StakeStone Vault in the event of significant risks associated with one or more underlying assets, without impacting the ownership of the assets. This function is designed to preserve user assets as much as possible while not moving assets away from their ownership.

REBALANCE / ALLOCATION OPTIMIZATION RISKS

In pursuit of optimized risk-adjusted yields, funds in the StakeStone protocol are periodically reallocated and reconfigured among the currently supported protocols and assets. Any operations involving fund allocation require a proposal to be submitted in an on-chain format, disclosed during the Timelock phase, and executed only after receiving approval through a vote by STONE holders. However, reallocating funds may potentially lead to price impacts, which in turn can result in potential capital losses.

Nevertheless, StakeStone's smart contract incorporates a limit on the price impact caused by operations, which is set at 0.5%. Any operations that could result in losses exceeding 0.5% will not be executed, regardless of whether the losses are due to price impact or external malicious MEV attacks.

This limit is designed to mitigate the risk associated with significant price fluctuations during the reallocation process and protect the capital of STONE holders to a certain extent.

CROSS-CHAIN RISKS

STONE is an omni-chain LST (Liquid Staking Token) that leverages Layerzero to seamlessly transmit asset and price information across various L2 (Layer 2) and sidechains. Currently, supported chains include Base, Linea, Mantle, Arbitrum, with plans for further expansion in the future. During the process of cross-chain transmission of asset and price information, users may encounter corresponding risks. It's important to note that different chains operate with distinct mechanisms and structures, resulting in varying levels of risk associated with each chain.

STONE USE CASES RISKS

STONE is a developer-friendly LST asset with the potential for adoption by various protocols such as stablecoins, lending platforms, derivatives, and more. Protocols that support STONE as an underlying asset enable STONE holders to earn rewards by utilizing STONE within these platforms. However, it's essential to note that supporting STONE as an underlying asset is permissionless, and StakeStone cannot impose restrictions on the use cases of STONE. Using STONE in protocols outside of StakeStone may expose users' funds to risks. Therefore, we strongly advise users to thoroughly understand any protocol they intend to use STONE in and assess its associated risks before proceeding.

REGULATORY RISKS

Cryptocurrency and DeFi remain at the forefront of technological innovation, and regulatory developments in this field are continually evolving. In extreme circumstances, it is possible that users may be unable to access StakeStone's products through the website frontend. However, users will still have the option to withdraw their funds by interacting directly with the smart contracts. This decentralized approach ensures that users can maintain control over their assets, even in challenging regulatory environments or unforeseen circumstances that may impact frontend access.