# Security & Risks

mStable is built on a combination of audited infrastructure and leading DeFi protocols. While audits and safeguards reduce risk, using DeFi products always carries inherent risks that users should understand.

***

### Product Audit

* [Sherlock Audit – mStable Pendled sUSDe (via dHEDGE)](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgKiKW1UaPZfO4BHc_y%2Fuploads%2F4JF9lyLhp5Gf2xREAMMc%2FSherlock%20Audit%20%E2%80%93%20mStable%20Pendled%20sUSDe%20\(via%20dHEDGE\).pdf?alt=media\&token=9510beab-29a2-4c1d-bef4-9911cdd1ff90)
  * Completed by **Sherlock** in September 2025.
  * Scope: integration of **Ethena (sUSDe), Pendle PTs, Aave looping, and dHEDGE infrastructure**.
  * Covers the strategy powering **mStable Pendled sUSDe (mPT-USDe)**.

***

### Infrastructure Audits

mStable tokens are built on **dHEDGE smart contracts**, which have undergone multiple audits. These contracts also support other products (e.g. **Toros Finance**) and have secured large amounts of TVL while processing billions in trading volume across chains.

#### Most relevant audits

* [**Aave V3 Integration**](https://github.com/santipu03/santipu03/blob/main/private-audits/dHEDGE_Aave.md) — audited by Santipu (Jan 2025)
* [**EasySwapper V2**](https://github.com/santipu03/santipu03/blob/main/private-audits/dHEDGE_SAW.md) — audited by Santipu (Oct 2024)
* [**Core Contracts**](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MgKiKW1UaPZfO4BHc_y%2Fuploads%2Fns3MnPmX02OJCrva3UJ1%2FdHEDGE%20Sherlock%20Audit%20Report%202024.pdf?alt=media\&token=a49a57c9-477b-4490-81c8-51f884466fe7) — audited by Sherlock (June 2024)
* [**Core Contracts**](https://skynet.certik.com/projects/dhedge?auditId=dHEDGE%20V2#code-security) — audited by CertiK (Jul 2021)

For the full audit history, see the [dHEDGE Audits Timeline](https://docs.dhedge.org/security/audits-timeline).

***

### Partner Protocol Audits

As mStable integrates with external protocols, their security is equally important:

* [Pendle Audits](https://docs.pendle.finance/Developers/Security)
* [Aave Audits](https://docs.aave.com/developers/the-core-protocol/security-and-audits)
* [Ethena Audits](https://docs.ethena.fi/security/audits)

***

### Operational Safeguards

* **Pause functions:** emergency ability to halt deposits or rollovers.
* **Automation via bots:** bots execute predefined strategies for rollovers, rebalancing, and securing Aave capacity. Bots are non-custodial and cannot access user funds.

***

### Risks

* **Stablecoin risk:** The strategy is built on Ethena’s sUSDe. If sUSDe (or its underlying USDe) diverges significantly from $1, it directly impacts performance and collateral safety.
* **sUSDe yield risk:** The yield from sUSDe depends on perp funding markets. If yields compress or funding turns negative, overall returns may fall significantly.
* **Smart contract risk:** Potential vulnerabilities in mStable, dHEDGE, or integrated protocols.
* **Borrowing risk:** Looping increases exposure, amplifying both gains and losses.
* **Liquidity risk:**
  * **Aave caps** may limit deposits or rollover capacity.
  * **Pendle PT liquidity** can thin near expiry, causing slippage during rollovers.
* **Oracle risk:** Dependence on Aave oracles for pricing and collateral health calculations.

