Security Architecture
Overview
Security is foundational to the trust and resilience of the Mynt (USDm) protocol. As a system handling high-value collateral, minting mechanics, and liquidation processes, USDm is built with defensive architecture, modular upgrades, and external audit layers to minimize risk and maximize transparency.
10.1 Inherited Security from Ethereum.
USDm is designed with an concious approach to security and yield generation. At the heart of the USDm protocol is a decentralized layer of Security Operators, whose role is indispensable to the system’s integrity and growth. These operators serve as the conduit through which the protocol inherits security guarantees from Ethereum. To participate, each Security Operator must receive collateral delegations—exclusively in ETH and USDC—on Ethereum mainnet, collectively amounting to at least 20% of the total USDm supply.
This 20% threshold is not a soft target—it is a hard security requirement. If the total value of these security delegations fall below the mandated threshold, the protocol will immediately halt all USDm minting and prioritize redemptions only. This ensures that the system cannot expand its liability footprint unless it remains sufficiently secured by Ethereum-backed assets. USDm is, therefore, not only capital-efficient but security-conscious by design.
10.2 Smart Contract Design Principles
• Modularity: Each component (vaults, liquidation, oracle, access control) is isolated to prevent cascading failures.
• Upgradeable via Proxy: Select contracts are upgradable via verified proxy patterns, governed by the launch multisig.
• Fail-Safe Defaults: Contracts include safe fallback behavior in case of oracle failure or unexpected logic execution.
• Minimal Permissions: Principle of least privilege is enforced—only necessary roles can change parameters or trigger upgrades.
10.2 Critical Contracts
Contract Module
Description
VaultManager
Handles user positions, collateral deposits, debt accounting
MintEngine
Enforces minting rules, caps, and limits
LiquidationEngine
Manages health checks, triggers liquidations, calculates penalties
OracleAdapter
Interfaces with Pyth feeds, enforces staleness thresholds
TreasuryManager
Routes fees, protocol reserves (if applicable)
AccessControlManager
Restricts sensitive functions to multisig only
All contracts will be published as open-source, with verified source code and public audit reports.
10.5 Emergency Protocols
The protocol will include security-focused contingency tools:
Mechanism
Purpose
Pause Mechanism
Temporarily disable minting or liquidations in case of a zero-day vulnerability
Collateral Freeze
Disable specific asset types if oracle or liquidity conditions fail
Emergency Upgrade Path
Allows fast deployment of patches, subject to multisig verification
Read-Only Mode
Potential feature to allow querying of vault state even if core functions are paused
10.6 Key Management and Admin Security
• Gnosis Safe Multisig with strict signing thresholds
• Signers spread across multiple institutions and geographies
• Timelocks and alerting systems for transparency of upcoming actions
• Optional community watch contracts or multisig observers (future)
With these practices, Mynt aims to be among the most secure, transparent, and battle-tested stablecoin systems on the Monad blockchain.
Last updated