# Risks and Mitigations ### Custody Risk Custody risk refers to the possibility that assets backing USP become inaccessible, frozen, stolen, or mismanaged due to failures in custody systems, wallet infrastructure, operational processes, or compromise of key management.
Piku uses a multi-layer, institutional-grade custody architecture to safeguard all assets backing USP. Custody is built around two core components: **Fireblocks MPC Infrastructure** used for active operations such as minting, redemptions, exchange settlement, and strategy allocation. **Safe (Gnosis Safe) Multisig Vaults** used as the protocol’s on-chain treasury, governance-controlled vault, and long-term storage layer. All operational flows (deposits, withdrawals, hedging, strategy rebalancing) pass through **Fireblocks**, where MPC-based key management, automated policy controls, whitelisting, and multi-approver rules minimize risk. All governance-sensitive and high-value assets are secured in Safe multisig wallets, where transactions require signatures from multiple independent parties. Safe vaults also enforce address restrictions and undergo governance review for any changes in signers, modules, or access rules. **The system is designed to ensure:** * No single party controls funds, thanks to multisig + MPC * No unapproved destination can receive funds, via strict whitelisting * Transparent, auditable custody operations, through continuous monitoring and logging * Operational continuity, with fallback custody flows in case any provider experiences downtime This dual-layer model provides strong protection against key compromise, operational mistakes, malicious actors, smart contract exploits, or custody provider outages, while ensuring smooth operation of the USP minting and backing system.
Backing Hot Wallet (Operations Wallet)Backing Cold Reward Claim WalletBacking Cold Wallets (Primary Storage)
  • Used only for deploying assets into backing strategies.
  • Used solely for claiming rewards from Merkl.xyz, Sablier, and similar protocols.
  • Hold the majority of backing assets in cold storage.
  • No idle balance is held in this wallet.
  • Only allowed to transfer assets to the Backing Hot Wallet.
  • Cannot interact with external contracts or third-party platforms.
  • Assets are transferred here just-in-time for execution.

  • Does not receive or send funds to external wallets, except for protocol-level reward claims.
  • Only transfer route permitted is to the Backing Hot Wallet, ensuring strong isolation.
  • Minimizes exposure as this is the only wallet interacting with external platforms.
  • Prevents unauthorized third-party interaction and limits potential contract-level risk.
  • Significantly reduces attack surface and operational risk.
Piku uses a three-layer custody structure on Fireblocks to ensure secure, compartmentalized control over USP backing assets. Each wallet has strict, predefined permissions to minimize operational and counterparty exposure.
### Market / Funding Rate / Strategy Risk USP’s delta-neutral backing relies on USD-TRY arbitrage, funding-rate strategies, and diversified yield sources. These can fail if market spreads collapse, funding rates turn sharply negative, or liquidity thins out. In such cases, hedges may stop behaving neutrally, yields may drop below expectations, and positions may become costly or difficult to unwind—temporarily weakening USP’s backing performance.
Piku maintains USP’s stability by running delta-neutral USD–TRY arbitrage alongside diversified yield strategies such as carry trades, DeFi yields, and future RWAs. The system is structured to avoid directional exposure, minimize sensitivity to market volatility, and withstand funding-rate fluctuations. This is achieved through automated hedging, strict exposure limits, funding-rate risk controls, diversified strategy allocation, venue redundancy, and continuous monitoring. Governance oversight ensures all strategy changes, limits, and risk parameters are reviewed and enforced. Piku’s goal is not to predict markets, but to neutralize them maintaining yield while keeping USP’s backing insulated from macro volatility, FX swings, liquidity shocks, and strategy underperformance. * Diversified Backing Across Multiple Strategies * No single yield source dominates USP’s backing. * Allocation capped per strategy (USD–TRY arbitrage, DeFi yield, carry trades, arbitrage, RWAs). * Reduces dependency on TRY volatility, specific exchanges, or individual on-chain protocols. * Dynamic allocation adapts to changing market conditions and funding-rate environments.
### Liquidity & Redemption Risk USP must maintain sufficient liquid backing to meet user redemptions. Liquidity risk arises if market conditions, venue outages, or unexpected surges in redemption demand make it difficult to unwind positions quickly. If arbitrage, derivative, or RWA holdings become temporarily illiquid or only sellable at steep discounts Piku may face delays or higher costs in generating USD liquidity, leading to slower redemptions or reduced buffer in USP’s backing.
Piku ensures USP maintains enough liquid backing to meet redemptions quickly and efficiently. Liquidity risk arises when markets become thin, venues fail, or redemption demand spikes. The system is designed to keep ample liquidity, diversify venues, and maintain buffers to handle stress without impacting USP stability. * **High-Liquidity Backing Mix**\ Keep most backing in assets that can be converted to USD quickly and with minimal slippage. * **Staggered Strategy Allocation**\ Limit exposure to less-liquid RWAs or strategies requiring long unwind periods. * **Active Liquidity Monitoring**\ Track market depth, exchange liquidity, and redemption flows in real time. * **Redemption Liquidity Buffer**\ Hold a reserved buffer to meet peak redemption demand without unwinding core positions.
### Operational / Infrastructure Risk Failures in data feeds (oracles), exchange connectivity, custody operations; bugs in off-chain or on-chain code; reconciliation failures; inability to perform hedging or rebalance in time; human error; systemic operational issues.
Piku’s operational and infrastructure framework is designed to ensure that USP minting, backing, and custody processes remain reliable, secure, and resilient under all conditions. Operational risk can arise from system failures, human errors, cloud outages, or disruptions in third-party services. To mitigate this, Piku uses redundant infrastructure, strict access controls, automated policies, and real-time monitoring ensuring that critical operations continue functioning even during partial failures or external disruptions. **Infrastructure Redundancy & High Availability** * Core systems (orchestration, monitoring, automation, signer infrastructure) run on redundant, geographically distributed environments. * Failover mechanisms ensure continuity during cloud outages, network issues, or hardware failures. **Strict Access Control & Multisig Enforcement** * All sensitive operations require role-based permissions and multisig approval. * No single operator can execute deployments, transfers, or configuration changes. **Automated Transaction Policies** **Fireblocks and system-level policy checks enforce:** * Allowed smart contracts and exchange addresses * Mandatory approval layers Reduces human error and prevents accidental or unauthorized actions. **Audit Logging & Traceability** All actions (minting, backing changes, contract calls, signer approvals) are fully logged and auditable. Ensures transparency, accountability, and post-incident traceability.
### Smart Contract / Protocol Risk Bugs or vulnerabilities in mint/redeem contracts, governance contracts, custody/bridge contracts (if using RWAs), strategy contracts, yield protocol contracts, etc.
USP interacts with a limited set of on-chain protocols for reward distribution and certain backing strategies. Smart contract or protocol failures such as exploits, bugs, insolvency events, or economic attacks can impact asset safety or interrupt operations. Piku minimizes this risk by using audited protocols, isolating reward-claim operations, limiting contract interactions through strict whitelists, and maintaining a minimal on-chain footprint for core backing assets. **Strict Protocol Whitelisting** * Only audited, battle-tested, and widely used protocols are eligible for USP backing. * Protocols are added through a governance-controlled whitelist, preventing unauthorized integrations. **External Security Audits & Continuous Review** * All core smart contracts undergo independent third-party audits before deployment. * Periodic reviews and re-audits ensure the system remains secure as dependencies evolve. **Minimal On-Chain Footprint for Backing Assets** * Core backing assets remain primarily in cold custody wallets, not on-chain strategies. * Only small amounts flow through the Hot Wallet for operations, reducing exposure to protocol-level exploits. **Limited Exposure per Protocol** * Strategy allocations are capped to prevent overconcentration in any single smart contract platform. * Enables containment if a protocol fails, is exploited, or becomes insolvent. **Reward Claim Isolation** * Reward claiming occurs via the Backing Cold Reward Claim Wallet, which only interacts with Merkl.xyz, Sablier, or approved reward distributors. * This isolates risk from the primary cold storage and prevents broader contagion. **Transaction Policy Enforcement** * Fireblocks policies restrict contract interactions to pre-approved contract addresses only. * Prevents accidental or malicious interaction with unknown or compromised protocols