# Smart Contract Risk

## Core Risk

Fira operates as a blockchain protocol with inherent smart contract vulnerabilities. Code may contain vulnerabilities, bugs, design flaws, or unintended behaviors potentially resulting in complete asset loss.

## Risk Sources

* Implementation errors
* Faulty assumptions about external integrations (tokens, oracles, bridges, DEXs)
* Market edge cases
* Permissioning mechanisms
* Governance decisions
* Cross-contract interactions

On-chain transactions are irreversible, meaning losses may be permanent.

## Mitigations

### Third-Party Audits

Fira has engaged security firms (Sherlock, Spearbit Cantina, yAudit) for code review. Audits do not guarantee secure or defect-free code — vulnerabilities can persist undetected.

### Operational Controls

The system may pause or restrict functions during suspected incidents. Tradeoffs include service disruption, reduced liquidity, and withdrawal delays.

### Recovery Attempts

Fira may investigate incidents and pursue recovery actions, but any recovery is uncertain and potentially impossible.

## User Acknowledgment

Users must recognize that:

* Fira represents experimental and adversarial environments
* The protocol may malfunction
* Assets face total loss risk
* No safety guarantees exist absent written commitments