
# Smart Contract Security

Smart contract security governs the core vault architecture and operational safeguards: it defines how the vault functions at a technical level and constrains its capabilities to pre-approved actions. Veda's framework for smart contract security involves:

### Minimal Surface Area

Veda vaults expose only two public functions:

* **Deposit** to supply assets
* **Withdraw** to redeem assets

This deliberately reduced surface area minimizes potential attack vectors and clearly defines the user interaction model, making it possible to build robust safeguards.

### Merkle Verification System

* Every action a vault can perform - whether deploying liquidity, staking or rebalancing - is pre-registered, hashed, and embedded in a Merkle tree
* Before executing any action, the vault must prove its inclusion in this Merkle root, ensuring that only pre-approved actions are executable
* This system makes it impossible for arbitrary transactions or strategy changes to occur
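
The inclusion check described above, as an added Python sketch that is not Veda's contract code. The leaf encoding (a target address plus a function selector), the SHA-256 hash, the sorted-pair node hashing and all sample values are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    # SHA-256 stands in for the on-chain hash (assumption for this sketch).
    return hashlib.sha256(data).digest()

def leaf(target: str, selector: str) -> bytes:
    # Hypothetical leaf encoding: one approved (target, selector) pair.
    # The 0x00 prefix domain-separates leaves from interior nodes.
    return h(b"\x00" + f"{target.lower()}|{selector.lower()}".encode())

def node(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing, so a proof needs no left/right flags.
    lo, hi = sorted((a, b))
    return h(b"\x01" + lo + hi)

def build_levels(leaves):
    # Bottom-up tree; an unpaired node is promoted unchanged.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    # Collect the sibling hash at each level on the path to the root.
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(level[sibling])
        index //= 2
    return proof

def verify(root, target, selector, proof):
    # Recompute the root from the action itself; the caller never supplies
    # a leaf hash, so an interior node cannot be passed off as an action.
    acc = leaf(target, selector)
    for sibling in proof:
        acc = node(acc, sibling)
    return acc == root

# Constructed allow-list (placeholder addresses and selectors).
APPROVED = [
    ("0x" + "11" * 20, "0xaaaaaaaa"),
    ("0x" + "22" * 20, "0xbbbbbbbb"),
    ("0x" + "33" * 20, "0xcccccccc"),
]
LEVELS = build_levels([leaf(t, s) for t, s in APPROVED])
ROOT = LEVELS[-1][0]
```

Only the 32-byte root has to be stored; each call carries its own proof, and changing any field of the action changes the leaf, so the recomputed root no longer matches.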

### Transaction Safeguards

* **Share Lock Period:** Newly issued vault shares are locked for a brief period to neutralize flash loan manipulation risks
* **Delayed Withdrawals:** Withdrawals are subject to a time delay, creating a monitoring window for identifying and responding to irregularities

### Onchain Monitoring

* Veda tracks both internal positions and external market dynamics.
* Additionally, Veda utilizes third-party monitoring systems to detect malicious behaviour targeting Veda contracts as well as the underlying protocols that Veda vaults take exposure to.
* Veda vaults are also part of multiple ongoing bug bounty programs operated by our integration partners.

### Audits

Veda contracts are leveraged by many of the top protocols in DeFi, including ether.fi, Plasma, Lombard, TAC, Rings, and TurtleClub, making the BoringVault one of the most audited DeFi contracts in production.

Audit firms commissioned to evaluate the BoringVault include Spearbit, Macro, Secure3, and Hexens.

