Security and Risk
Security measures, known risks, and progressive decentralization
Umia takes security seriously. Every component of the platform, from smart contracts to the legal framework, is designed with safety and risk mitigation in mind. This page outlines the security measures in place, the known risks of the system, and the progressive decentralization roadmap.
Smart Contract Security
Certora: Our Primary Security Partner
Umia's smart contracts are audited and formally verified by Certora, one of the leading security firms in the blockchain industry.
This includes verification of:
- Treasury contract logic: ensuring funds can only be moved through properly resolved decision markets or pre-configured disbursements.
- Decision market settlement: confirming that winning outcomes are correctly determined and losing positions unwind as expected.
- Token issuance and burning: verifying that supply changes only occur through governance-approved proposals.
- Access controls: proving that no unauthorized party can bypass governance constraints.
Known Risks
Umia is transparent about the risks inherent in its system. Users should understand these before participating.
Decision Market Risks
Market manipulation. Decision markets rely on price signals to determine outcomes. In theory, a well-capitalized actor could attempt to manipulate prices to steer decisions. Umia mitigates this through TWAP-based settlement (which averages prices over time rather than using a single snapshot) and minimum threshold requirements (which ensure only decisions with meaningfully different price signals get executed).
Low liquidity. In early stages, decision markets may have limited participation, which can reduce the reliability of price signals. As the ecosystem grows and more traders participate, market depth and signal quality are expected to improve.
Information asymmetry. The quality of decision market outcomes depends on participants having access to relevant information. Umia encourages transparency from founding teams through disclosure requirements at entity formation.
Smart Contract Risks
Protocol risk. As with any onchain system, smart contracts carry inherent risks including undiscovered bugs or edge cases. Formal verification with Certora significantly reduces but does not eliminate this risk.
Dependency risk. Umia's Tailored Auctions are built on Uniswap V4's CCA mechanism. Any vulnerabilities or changes in Uniswap's infrastructure could affect Umia's functionality.
Legal and Regulatory Risks
Regulatory uncertainty. The legal treatment of tokenized ventures and decision markets varies by jurisdiction and continues to evolve. Umia's Cayman-based legal framework (MetaLex BORG) is designed to provide clarity, but regulatory changes could affect operations.
Enforcement limitations. While the legal framework makes team obligations enforceable, cross-border legal enforcement can be complex and time-consuming.
Training Wheels During Early Phases
During the early phase of the protocol, Umia retains supervisory capabilities to protect users while the system matures:
- Team proposals require Umia approval before going live in decision markets.
- Community proposals are relayed through Umia to ensure they are well-formed.
- Emergency veto capabilities exist in case of detected exploits or manipulation.
These training wheels are designed to be progressively removed as the protocol demonstrates resilience and the community builds governance expertise.
Reporting Vulnerabilities
If you discover a potential vulnerability in Umia's smart contracts or platform, please contact the team at security@umia.finance.
Responsible Disclosure
Responsible disclosure is appreciated and may be eligible for a bug bounty.