Security Model
StableSwap is designed to minimize trust assumptions. The protocol relies on Circle CCTP V2 for USDC settlement and LayerZero V2 DVNs for cross-chain message verification. All user-facing guarantees are enforced on-chain by the smart contracts.
Trust Model
| Component | Trust Assumption | Risk |
|---|---|---|
| Circle CCTP V2 | Circle attests to cross-chain USDC burns | Circle liveness (attestation delay) |
| LayerZero V2 DVNs | DVNs verify cross-chain messages | DVN collusion could forge messages |
| Uniswap / Orca / Cetus / Hyperion DEX | DEX executes swaps at market rate | Pool liquidity, MEV |
| Solver | Zero trust — anyone can run a solver | Liveness only (24h fallback protects users) |
| Contracts | On-chain enforcement of min_output and fallback | Code correctness |
On-Chain Guarantees
Atomic execution
fulfill_order() atomically claims CCTP V2 USDC, swaps via DEX, and delivers output. If any step fails (including slippage check), the entire transaction reverts. There is no partial execution.
Minimum output enforcement
The user specifies min_output when initiating the swap. This value is encoded in the LayerZero message and enforced on-chain by the settlement contract. The solver cannot deliver less than the user's minimum.
24-hour fallback
If no solver fulfills the order within 24 hours, withdraw_fallback() becomes callable. This returns the CCTP V2-claimed USDC to the user's destination address. No funds are ever locked permanently.
Non-custodial
User funds are never held by any off-chain party. CCTP V2 mints USDC directly to the on-chain settlement contract, and the contract delivers the output token to the user's address atomically.
What Cannot Happen
Solver cannot deliver below min_output
User funds cannot be locked beyond 24h
Funds cannot be drained via fulfillment logic
Off-chain parties never custody user funds
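The guarantees listed above can be expressed as a small state model that a reviewer can test invariants against. This Python sketch is an added illustration, not StableSwap's contract code; the Order fields, the dex_quote callback, the open_order helper and the timestamp bookkeeping are assumptions.

```python
from dataclasses import dataclass

FALLBACK_DELAY = 24 * 60 * 60  # seconds; the 24-hour window stated on this page

class Revert(Exception):
    """Models an on-chain revert: no state change survives."""

@dataclass
class Order:
    user: str
    usdc_in: int      # USDC minted to the settlement contract via CCTP V2
    min_output: int   # user's minimum, carried in the cross-chain message
    created_at: int   # assumed timestamp from which the 24h window is counted
    settled: bool = False

class Settlement:
    """Toy model of the settlement contract (hypothetical structure)."""
    def __init__(self):
        self.orders = {}
        self.paid = {}  # (user, token) -> total amount delivered

    def open_order(self, oid, order):
        self.orders[oid] = order

    def fulfill_order(self, oid, dex_quote):
        """dex_quote(usdc_in) -> output amount; stands in for the DEX swap."""
        o = self.orders[oid]
        if o.settled:
            raise Revert("already settled")
        out = dex_quote(o.usdc_in)
        if out < o.min_output:  # slippage check fails before any state is written
            raise Revert("output below min_output")
        o.settled = True
        self._pay(o.user, "OUT", out)
        return out

    def withdraw_fallback(self, oid, now):
        o = self.orders[oid]
        if o.settled:
            raise Revert("already settled")
        if now < o.created_at + FALLBACK_DELAY:
            raise Revert("fallback not yet available")
        o.settled = True
        self._pay(o.user, "USDC", o.usdc_in)  # always pays the user, whoever calls
        return o.usdc_in

    def _pay(self, user, token, amount):
        self.paid[(user, token)] = self.paid.get((user, token), 0) + amount
```

Each order settles exactly once, either through fulfill_order() at or above min_output or through withdraw_fallback() after the delay, and a failed check leaves no state behind.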