# Security

The security of users' funds and the platform as a whole is our number 1 priority. We have many measures in place, both on- and off-chain in support of this goal.

## System limits

### Circuit Breaker

Perp v3 uses an onchain circuit breaker mechanism to protect the system when certain conditions are met that indicate a hack, exploit or breach. When the circuit breaker conditions are met, some operations, such as withdrawals, will revert.

In addition, when the circuit breaker is triggered, the system can be manually locked if an attack is confirmed to be taking place, causing a full system pause. If locked, a governance vote will be held to determine subsequent steps.

#### Triggers

* TBC
* Grace Period

### Liquidity limits

While not a parametric limit, open interest in the system cannot exceed the value of liquidity provided by LPs. If liquidity is exhausted, it will only be possible to close or reduce positions.

### System collateral caps

Coming Soon™️ 🏗️

### User deposit caps

Coming Soon™️ 🏗️

### Frontrun protection

For trades with oracle price pools, a 3-second delay is enforced to prevent traders from frontrunning the oracle price feed received by the DEX. For trades performed via the DEX [gateway](/nekodex-playground/docs-for-users/how-perp-v3-works.md#router-and-gateway), this is handled automatically. For trades performed using smart contract interaction, two transactions must be sent: the initializing transaction, and an execution transaction with a timestamp at least 3 seconds later.
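The two-transaction flow described above, as an added Python model (not Perp v3 contract code). `DelayedOrderBook`, its method names and the oracle feed are constructed for illustration, and filling at the latest oracle price at execution time is an assumption the page does not state.

```python
from bisect import bisect_right

MIN_DELAY_S = 3  # delay stated on this page
# Constructed oracle feed: (publish time in seconds, price)
ORACLE_FEED = [(100, 2000.0), (102, 2050.0), (105, 2060.0)]


class OrderError(Exception):
    """Raised when an order cannot be executed."""


class DelayedOrderBook:
    """Hypothetical model of the initialize/execute pair; not Perp v3 code."""

    def __init__(self, feed, min_delay=MIN_DELAY_S):
        self.feed = sorted(feed)
        self.times = [t for t, _ in self.feed]
        self.min_delay = min_delay
        self.pending = {}  # order id -> (trader, size, created_at)
        self.next_id = 0

    def price_at(self, now):
        """Latest oracle price published at or before `now`."""
        i = bisect_right(self.times, now) - 1
        if i < 0:
            raise OrderError("no oracle price published yet")
        return self.feed[i][1]

    def initialize(self, trader, size, now):
        """First transaction: records intent only, no price is locked in."""
        order_id = self.next_id
        self.next_id += 1
        self.pending[order_id] = (trader, size, now)
        return order_id

    def execute(self, order_id, now):
        """Second transaction: fills only once the delay has elapsed."""
        if order_id not in self.pending:
            raise OrderError("unknown or already executed order")
        _trader, _size, created_at = self.pending[order_id]
        if now - created_at < self.min_delay:
            raise OrderError("executed before the delay elapsed")
        del self.pending[order_id]  # an order can be filled only once
        # Assumption: fill at the execution-time price, so a price that was
        # already stale when the order was initialized cannot be captured.
        return self.price_at(now)
```

In this model an order initialized at t=101, while the feed still shows 2000.0, cannot execute before t=104, by which time the 2050.0 update published at t=102 is the price it fills at.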

### Oracle safety

Coming Soon™️ 🏗️

## Audits

See [Security & Audits](/nekodex-playground/all-about-perp/more/security-and-audits.md) for details.

## Project security

Perpetual Protocol contracts external auditors to check production code before users deposit the first $1 of funds. Once code goes live, our bug bounty program serves to attract whitehats to find vulnerabilities and exploits in return for prize money. See [Security & Audits](/nekodex-playground/all-about-perp/more/security-and-audits.md) for details.

Perpetual Protocol also has policies in place to ensure the code being sent to auditors is as strong as it can be. Programmers work in pairs while coding, putting two sets of eyes on the task at all times. Internal reviews ensure each commit is checked before being pulled. Our team also includes a security specialist who researches exploits and code integrity on a continuing basis.

All funds and contract owner addresses are held by multi-sig safes. The signer wallets are intentionally distributed across different wallet types and manufacturers to limit the spread of contagion should a wallet be hacked.

In addition to our official bug bounty program administered by [ImmuneFi](https://immunefi.com/bounty/perpetual/), we also regularly work with community researchers and whitehats to find bugs and offer rewards for issues outside the official bug bounty scope. **If you have found a bug**, [contact us](/nekodex-playground/all-about-perp/contact-us.md)!

## Smart Accounts

[ERC-4337](https://www.erc4337.io/) smart accounts are powered by ZeroDev (Kernel). Smart accounts (also known as account abstraction) let users sign up for and use decentralized financial tools without relying on a third-party custodian, while the technical aspects of self-custody are abstracted out of the experience. This is a major advantage for non-technical users.

**Audit**: The ZeroDev Kernel wallet was audited by [Kalos](https://kalos.xyz/).

**2FA**: Using ZeroDev, users can add a second factor for use in authentication, further enhancing the security of their account.


