Risks
Despite committing to multiple audits, Size is not immune from blockchain-related risk and smart contract risk. In addition, users should be aware of the additional risks below. Note that this is not intended to be an exhaustive list.
Technological Risk
Smart Contract Risk — Size is a relatively complex credit marketplace. Software bugs or unidentified economic attack vectors may exist. In addition to rigorous internal audits, three independent audits have been conducted, and reports can be reviewed in the Audits & Security section.
Ecosystem Risk — the protocol currently depends on the Base Layer 2 blockchain, which in its current configuration carries some inherent centralization risk around block proposing, building and validation. Transaction censorship at the validator level, intentional or otherwise, could detrimentally impact the efficiency or functionality of the protocol.
Transaction Settlement Risk - Though Base has been stress tested extensively at scale, technical issues or congestion could delay or prevent transaction processing or settlement down to layer 1, which could prevent withdrawals, repayments, and transactions in general.
Third Party Library Risk — Size relies on some community-developed and/or open-source components like libraries and/or compilers. This infrastructure is very well maintained and extensively battle tested, but nuances in implementation can introduce technical risk beyond the Size smart contract code itself.
Oracle Risk — the protocol relies on a Chainlink oracle to conduct liquidations. Manipulation or attack of the Chainlink oracle may result in unprofitable liquidations, lender losses, or borrowers suffering a liquidation penalty unfairly.
Centralization Risk — the protocol relies on USDC behaving according to a standard ERC-20 token implementation, despite its contract being upgradeable and containing a blocklist. An unexpected upgrade of the USDC token contract or additions to its blocklist may result in an inability to withdraw.
Integration Risk — in order to provide lenders with passive variable rate interest while orders are awaiting a match, the protocol relies on Aave operating smoothly to facilitate deposits and withdrawals. Failure to supply underlying tokens to Aave or redeem them from it may result in liquidity being temporarily frozen on the Size protocol. This could happen as a result of Aave capping deposits, resulting in delayed repayment.
Web Frontend and Domain Risk - frontend UIs have been a repeat attack vector and remain a risk throughout the DeFi ecosystem. All official Size contracts can be found in the documentation; users should always review contract interactions before signing them to ensure they are interacting with legitimate contracts, and best practices include whitelisting specific contracts for interaction.
Counterparty Risk
All loans on Size are over-collateralized, and must be repaid before the due date. Liquidation may be conducted by anyone, including protocol keepers.
Overdue Loans
Overdue loans become eligible for liquidation. Anyone, including lenders, may participate in liquidating borrowers for a reward.
Liquidation Risk
Losses are not socialized, and an unprofitable liquidation of a borrower may result in losses to that borrower's lender(s).
Lenders may monitor the health of their borrowers and act as liquidators in the case of borrowers not maintaining sufficient collateral.
In addition, a lender may directly claim the borrower's associated collateral if the borrower's collateral ratio drops below 100%.
Governance Risk
Pausability & Upgradeability
Core contracts may be paused or upgraded. This decision was made in the interest of being able to secure funds and contracts if bugs are found early on, and will be progressively decentralized. A multisig is assigned as owner and can be seen here.