Risks

Chamber is designed to make vault strategies safer by default, not risk-free. Depositors should understand what can still go wrong. This page covers the main risk categories in plain English. For the formal frame, see Risk model.

Market risk

The most common source of losses: the manager's trades move against the market.

• A vault trading ETH can lose value when ETH drops.

• A leveraged vault can lose multiples of the underlying asset's move.

• A stablecoin yield vault can still lose money if an underlying stablecoin depegs or a lending market goes bad.

Match the vault's strategy to risk you can actually stomach. Check the Risk Factor and the composition before depositing.

Smart contract risk

Chamber vaults are smart contracts. Despite audits, a bug bounty program, and the Guard System, no contract is provably bug-free. A critical bug could lock funds or allow unintended asset movement.

Mitigations Chamber applies:

• Multiple external audits before deployment.

• The Guard System restricts what managers and traders can do onchain.

• A public incident history — no loss of depositor funds since launch in October 2020.

Manager risk

The manager makes trading decisions. They cannot take custody or change the vault's rules arbitrarily, but they can still make bad calls — choose poor entries, hold too long, concentrate too heavily in one asset.

The Guard System limits what a manager can do (enabled assets, approved protocols, fee caps) but does not limit how well or badly they trade within those rules. Evaluate the manager before depositing — track record, communication, other vaults they run.

Oracle risk

Vault NAV is priced via oracles — Chainlink and Pyth. Oracles can go wrong:

• Feed staleness if a provider stops updating.

• Manipulated prices on thin markets (rarer with Chainlink/Pyth than alt oracles, but still a consideration).

• A feed reporting an incorrect value briefly.

Most of the time, oracles are fine. In exceptional cases, a depeg or flash price anomaly can cause mispricing of shares for a short window.

Liquidity risk

When you withdraw, the vault needs to produce assets for you:

• Single-asset withdrawal may incur slippage if the vault holds illiquid assets it has to swap out.

• Underlying basket withdrawal hands you a slice of whatever the vault holds — including any illiquid positions, which you'd need to unwind yourself.

In extreme market stress, an underlying market being frozen or highly slipped can make withdrawals temporarily painful. Chamber doesn't gate withdrawals — the mechanics just pass the cost of the stressed market to you.

See Lockup & withdrawals for both methods.

Regulatory risk

Chamber is a decentralised protocol, but the broader regulatory environment for onchain asset management is evolving. Future changes in your jurisdiction could affect your ability to deposit, withdraw, or claim gains from Chamber vaults. Check local rules; Chamber cannot advise on them.

Risks that are NOT in scope

Some things people worry about that the Guard System explicitly prevents:

• The manager rugging your deposit. Not possible — the manager never has custody of your funds. Shares are yours, withdrawable any time (after the 24-hour lockup).

• The manager changing fees overnight. Not possible — fee increases have a 14-day announcement period enforced onchain.

• The manager whitelisting a malicious contract on-the-fly. Not possible — the Guard System's protocol allowlist is protocol-level, not manager-level.

The principle applies to human and AI managers alike: the goal is not to trust the manager more; the goal is to make the vault safer by design.

Related

• Security overview

• Risk model

• Guard System

• Audits and Incident history