CuspCusp

Security and Risk

An honest account of what can go wrong and how the design responds.

Cusp manages risk; it does not remove it. The honest risks are below, with how the design responds to each.

The risks

  • Resolution risk. A market can resolve against a financed position faster than any liquidation can react. The response is to value collateral conservatively and remove borrowing capacity before resolution through the origination gate, so positions are not financed through the window where they can gap to zero.
  • Liquidity risk. Depth can vanish when a position most needs to be cleared. The conservative mark values collateral at what selling into current bids would fetch, and liquidation runs through bonded specialists rather than bots.
  • Oracle and venue risk. Cusp depends on the venue's authoritative record and its eventual payout. Inputs are taken from that record rather than display feeds, and settlement exposure is priced with conservatively inflated failure assumptions.
  • Model risk. Any valuation can be wrong. The launch posture caps total credit by first-loss capital, so senior depositors are protected by arithmetic while the calibration record is still short, and every score is published for checking.
  • Smart-contract risk. Code can contain faults. This is shared with all on-chain systems and is mitigated by review and by the public transparency record.

Audits and formal reviews will be listed here once complete. This page will be updated as that work is published.

Nothing on this page or elsewhere in these docs is investment, legal, or tax advice. The docs describe protocol design; the formal treatment of every mechanism is in the Cusp whitepaper.

Calibration and Transparency

What Cusp publishes so its decisions can be checked against outcomes.

Glossary

Plain-language definitions of Cusp's canonical terms.

On this page

The risks