Smart Contract & On-chain Risk
Operator & jurisdiction: BASIS is operated by BASIS DIGITAL INFRASTRUCTURE LTD, a Seychelles-incorporated entity (LEI: 254900IX2F2KCWNSSS64).
Currency convention: Asset values may be displayed using an internal USDT-based accounting view for USD-equivalent reference. USDT is not a depositable or withdrawable asset on BASIS. Supported asset flows use native tokens and their corresponding stTokens. See Risk Disclosure.
Smart contract risk refers to the possibility that on-chain code executes in an unintended manner. BASIS addresses this through comprehensive security audits, formal verification, deterministic execution design, and conservative deployment practices that limit on-chain exposure to required modules only.
Where BASIS Uses Smart Contracts
Core trading and routing (BHLE/BQAE)
Off-chain execution engine
No
BIVB cross-chain bridge
SVM ↔ EVM
Yes
DeFi lending and LSD modules
EVM/SVM protocol integrations
Yes
On-chain settlement
Final settlement layer
Yes
Internal accounting and lock-up logic
Off-chain ledger and state machine
No
The BHLE execution engine operates entirely off-chain. Smart contract exposure is limited to the bridge, DeFi integrations, and final settlement layers.
Risk Categories & Mitigations
Reentrancy
Re-entrant calls may affect state before commits
Checks-Effects-Interactions pattern, nonReentrant guards, pull-based withdrawal design
Upgradeable proxy
Admin key compromise or storage layout mismatch
Multi-signature upgrade authority, time-locked upgrades, storage layout testing
Oracle manipulation
Price feed distortion affecting on-chain logic
TWAP controls, multi-source oracle aggregation, circuit breakers on anomalous feed conditions
Bridge integrity
Cross-chain message validation and validator security
Independent validator sets per bridge, finality requirements before minting, exposure limits per bridge session
Gas management
Unexpected gas conditions affecting execution
Gas estimation with safety buffers, isolated execution contexts per module
Dependency risk
Third-party library updates or vulnerabilities
Pinned dependency versions, full dependency inclusion in audit scope
Audit Program
BASIS engages leading independent security audit firms as part of its ongoing security program.
Audit scope includes:
Smart contracts used in the BIVB bridge
DeFi module integration wrappers
Settlement and withdrawal contracts
Cross-chain message authentication logic
Audit reports are published publicly upon completion. See Audits & Responsible Disclosure.
Residual Risk Management
BASIS applies conservative exposure limits and BSCB trigger thresholds to manage residual on-chain risk across all modules. The platform architecture minimizes contract surface area, while core execution remains off-chain within BHLE infrastructure designed for deterministic execution, math-constrained routing, and state machine risk controls.
Key control principle: critical performance logic stays off-chain within proprietary routing infrastructure, while on-chain components are restricted to settlement, bridge validation, and protocol integrations necessary for structural alpha capture.
Last updated