# Smart Contract & On-chain Risk

{% hint style="info" %}
Operator and jurisdiction: BASIS is operated by BASIS DIGITAL INFRASTRUCTURE LTD, a Seychelles IBC (LEI: [254900IX2F2KCWNSSS64](https://lei.bloomberg.com/leis/view/254900IX2F2KCWNSSS64)).
{% endhint %}

Smart contract risk refers to the possibility that on-chain code executes in an unintended manner. BASIS addresses this through comprehensive security audits, formal verification, deterministic execution design, and conservative deployment practices that limit on-chain exposure to required modules only.

***

## Where BASIS Uses Smart Contracts

| Module                                                               | Environment                        | Smart Contract? |
| -------------------------------------------------------------------- | ---------------------------------- | --------------- |
| Core trading and routing (BHLE/BASIS Deterministic Arbitrage Engine) | Off-chain execution engine         | No              |
| BIVB cross-chain bridge                                              | SVM ↔ EVM                          | Yes             |
| DeFi lending and LSD modules                                         | EVM/SVM protocol integrations      | Yes             |
| On-chain settlement                                                  | Final settlement layer             | Yes             |
| Internal accounting, lock-up, and 7-day unstaking buffer logic       | Off-chain ledger and state machine | No              |

{% hint style="info" %}
The BHLE execution engine operates entirely off-chain. Smart contract exposure is limited to the bridge, DeFi integrations, and final settlement layers.
{% endhint %}

***

## Risk Categories & Mitigations

| Risk                | Description                                           | BASIS Mitigation                                                                                                |
| ------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- |
| Reentrancy          | Re-entrant calls may act on state before the original call commits its updates | Checks-Effects-Interactions pattern, `nonReentrant` guards, pull-based withdrawal design |
| Upgradeable proxy   | Admin key compromise or storage layout mismatch       | Multi-signature upgrade authority, time-locked upgrades, storage layout testing                                 |
| Oracle manipulation | Price feed distortion affecting on-chain logic        | TWAP controls, multi-source oracle aggregation, circuit breakers on anomalous feed conditions                   |
| Bridge integrity    | Cross-chain message validation and validator security | Independent validator sets per bridge, finality requirements before minting, exposure limits per bridge session |
| Gas management      | Unexpected gas conditions affecting execution         | Gas estimation with safety buffers, isolated execution contexts per module                                      |
| Dependency risk     | Third-party library updates or vulnerabilities        | Pinned dependency versions, full dependency inclusion in audit scope                                            |
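
The oracle row above combines three controls: multi-source aggregation, a TWAP reference, and a circuit breaker. The following sketch is an added example, not BASIS code; the function names, thresholds, quorum size and sample prices are all assumptions chosen for illustration.

```python
from statistics import median

# Assumed policy values for illustration only; not taken from BASIS documentation.
MIN_SOURCES = 3             # quorum of sources that must agree with the median
MAX_SOURCE_SPREAD = 0.02    # max relative distance of a source from the median
MAX_TWAP_DEVIATION = 0.05   # max relative gap between spot median and TWAP

def twap(samples):
    """Time-weighted average over (timestamp, price) samples, oldest first.
    Each price is weighted by how long it stayed in effect."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    weighted = 0.0
    for (t0, p0), (t1, _) in zip(samples, samples[1:]):
        weighted += p0 * (t1 - t0)
    return weighted / (samples[-1][0] - samples[0][0])

def evaluate_feed(source_prices, history):
    """Return (price, reason). price is None when the breaker trips (fail closed)."""
    live = [p for p in source_prices.values() if p is not None and p > 0]
    if len(live) < MIN_SOURCES:
        return None, "insufficient_sources"
    mid = median(live)
    # A single outlier cannot move the median far, but a quorum must still agree.
    agreeing = [p for p in live if abs(p - mid) / mid <= MAX_SOURCE_SPREAD]
    if len(agreeing) < MIN_SOURCES:
        return None, "source_disagreement"
    # Sources that move together are caught by comparing against the TWAP.
    ref = twap(history)
    if abs(mid - ref) / ref > MAX_TWAP_DEVIATION:
        return None, "twap_deviation"
    return mid, "ok"

# Constructed sample data: one price observation per minute, TWAP = 100.0.
HISTORY = [(0, 100.0), (60, 100.5), (120, 99.5), (180, 100.0)]

if __name__ == "__main__":
    cases = {
        "normal": {"a": 100.1, "b": 99.9, "c": 100.0},
        "one outlier": {"a": 100.1, "b": 99.9, "c": 100.0, "d": 140.0},
        "correlated spike": {"a": 120.0, "b": 120.5, "c": 119.8},
        "missing source": {"a": 100.0, "b": None, "c": 100.1},
    }
    for name, prices in cases.items():
        print(name, evaluate_feed(prices, HISTORY))
```

The "one outlier" case passes because the median and quorum absorb a single distorted source, while the "correlated spike" case trips only on the TWAP comparison, which is why the two checks are kept separate.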

***

## Audit Program

BASIS engages leading independent security audit firms as part of its ongoing security program.

Audit scope includes:

* Smart contracts used in the BIVB bridge
* DeFi module integration wrappers
* Settlement and withdrawal contracts
* Cross-chain message authentication logic

Audit reports are published publicly upon completion. See [Audits & Responsible Disclosure](/technical-architecture/audits-and-disclosure.md).

***

## Residual Risk Management

BASIS applies conservative exposure limits and BSCB trigger thresholds to manage residual on-chain risk across all modules. The platform architecture minimizes contract surface area, while core execution remains off-chain within BHLE infrastructure designed for deterministic execution, math-constrained routing, and state machine risk controls.

{% hint style="success" %}
Key control principle: critical performance logic stays off-chain within proprietary routing infrastructure, while on-chain components are restricted to settlement, bridge validation, and protocol integrations necessary for structural alpha capture.
{% endhint %}


