Security & Risks

Audits, safeguards, and risk considerations for the Stacked Yield vault.

mStable is built on a combination of audited infrastructure and leading DeFi protocols. Audits and safeguards reduce risk, but using DeFi products always carries inherent risks that users should understand. Stacked Yield is built to rotate between supported yield markets, so the specific risks below reflect the current strategy implementation and may shift as the strategy evolves.

Product audit

• Sherlock Audit, mStable Pendled sUSDe (via dHEDGE)

  • Completed by Sherlock in September 2025.

  • Scope: integration of Ethena (sUSDe), Pendle PTs, Aave looping, and Chamber infrastructure.

  • Covers the strategy powering mPT-sUSDe.

Infrastructure audits

Stacked Yield runs on Chamber, which has undergone multiple audits. The same contracts power other products such as Toros Finance and have secured large amounts of TVL while processing billions in trading volume across chains. Chamber was previously known as dHEDGE, so audits and references below using the dHEDGE name cover the same codebase.

Most relevant audits

• Aave V3 Integration: audited by Santipu (Jan 2025)

• EasySwapper V2: audited by Santipu (Oct 2024)

• Core Contracts: audited by Sherlock (June 2024)

• Core Contracts: audited by CertiK (Jul 2021)

For the full audit history, see the dHEDGE Audits Timeline.

Partner protocol audits

As Stacked Yield integrates with external protocols, their security is equally important:

• Pendle Audits

• Aave Audits

• Ethena Audits

Operational safeguards

• Pause functions: emergency ability to halt deposits or rollovers.

• Automation via bots: bots execute predefined strategies for rebalancing and securing Aave capacity. Bots are non-custodial and cannot access user funds.

Risks

These risks reflect the current strategy implementation. They may change as Stacked Yield rotates between supported yield markets.

• Stablecoin risk: the current strategy is built on Ethena's sUSDe. If sUSDe (or its underlying USDe) diverges significantly from $1, it directly impacts performance and collateral safety.

• sUSDe yield risk: the yield from sUSDe depends on perp funding markets. If yields compress or funding turns negative, overall returns may fall significantly.

• Smart contract risk: potential vulnerabilities in mStable, Chamber, or integrated protocols.

• Borrowing risk: looping increases exposure, amplifying both gains and losses.

• Liquidity risk:

  • Aave caps may limit deposits or rollover capacity.

  • Pendle PT liquidity can thin near expiry, causing slippage during rollovers.

• Oracle risk: dependence on Aave oracles for pricing and collateral health calculations.