# Smart Contract Security Governs the core vault architecture and operational safeguards, defining how the vault functions at a technical level and constraining its capabilities to pre-approved actions. Veda's framework for smart contract security involves: ### Minimal Surface Area Veda vaults expose only two public functions: * **Deposit** to supply assets * **Withdraw** to redeem assets This deliberately reduced surface area minimizes potential attack vectors, and clearly defines the user interaction model making it possible to build robust safeguards. ### Merkle Verification System * Every action a vault can perform - whether deploying liquidity, staking or rebalancing - is pre-registered, hashed, and embedded in a Merkle tree * Before executing any action, the vault must prove its inclusion in this Merkle root, ensuring that only pre-approved actions are executable * This system makes it impossible for arbitrary transactions or strategy changes to occur ### Transaction Safeguards * **Share Lock Period:** Newly issued vault shares are locked for a brief period to neutralize flash loan manipulation risks * **Delayed Withdrawals:** Withdrawals are subject to a time delay, creating a monitoring window for identifying and responding to irregularities ### Onchain Monitoring * Veda tracks both internal positions and external market dynamics. * Additionally, Veda utilizes third-party monitoring systems to detect malicious behaviour targeting Veda contracts as well as the underlying protocols that Veda vaults take exposure to. * Veda vaults are also part of multiple ongoing bug bounty programs operated by our integration partners. ### Audits Veda contracts are leveraged by many of the top protocols in DeFi including ether.fi, Plasma, Lombard, TAC, Rings, and TurtleClub making the BoringVault one of the most audited DeFi contracts in production. Audit firms commissioned to evaluate the BoringVault include Spearbit, Macro, Secure3 & Hexens. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veda.tech/security-and-risk-controls/smart-contract-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.