Understanding Risks
Depositing in the ASPE Labs vault carries real risk. This page describes the major risk categories, their mitigations, and what is not mitigated. Read this before depositing.
1. Smart contract risk
The vault is a smart contract. Smart contracts can contain bugs that lead to loss of funds.
Mitigations:
Source code verified on-chain (Sourcify)
Internal review and comprehensive test suite
Proxy with timelock — allows patching if a vulnerability is found
Formal audit planned (Phase 1)
Not mitigated: Unknown vulnerabilities (zero-days). No audit eliminates this risk entirely.
2. Strategy risk
The grid trading strategy may experience periods of drawdown. Past performance does not guarantee future results. The strategy is actively managed but no trading approach is profitable in all market conditions.
Historical context:
Maximum drawdown: -40.3% (January–February 2026)
Recovery time: 31 days
11 of 14 months have been positive
3 months with negative returns
Not mitigated: Future drawdowns may exceed historical maximums. There is no guarantee of recovery.
3. Exchange risk
The vault operates exclusively on Hyperliquid. Concentration in a single venue creates dependency risk.
Potential scenarios:
Hyperliquid downtime or maintenance
HyperEVM halt affecting deposit/withdrawal
HyperCore precompile failure affecting equity reads
Regulatory action against Hyperliquid
Mitigations:
Guardian can pause the vault and trigger emergency withdrawal
Vault assets remain in the smart contract even during HyperCore downtime
Not mitigated: Catastrophic Hyperliquid failure. If HyperCore loses funds, the vault loses funds.
4. Oracle and pricing risk
The vault reads account equity from a HyperCore precompile (system contract). If the precompile returns stale or incorrect data, share pricing could be affected.
Mitigations:
Staleness validation — the contract reverts if data appears outdated
Equity read is direct from HyperCore, not from a third-party oracle
Not mitigated: Precompile bugs or HyperCore-level pricing errors.
5. Operator risk
ASPE Labs is operated by a pseudonymous individual. This is a single point of failure.
What this means:
If the operator becomes unavailable, the trading bot stops — but your funds remain in the vault
The guardian role can trigger emergency withdrawal, distributing all funds pro-rata to depositors
No legal entity backs the vault in Phase 0
Mitigations:
Guardian EOA held separately — can act independently of the operator
Emergency withdrawal is a smart contract function, not dependent on the bot
Progressive decentralization planned (legal structure in Phase 1+)
Not mitigated: Extended operator unavailability. While funds are safe, no trading occurs and no returns are generated.
6. Liquidity risk
Withdrawals are asynchronous. When you request a redemption, the bot needs to close positions proportionally before releasing your USDC.
Normal conditions: Completes in seconds (single bot iteration).
Stress conditions: May take multiple iterations if:
Multiple large withdrawals happen simultaneously
Market liquidity is thin
Positions need time to unwind
Mitigations:
FIFO processing with carry-over
Emergency withdrawal as backstop
Not mitigated: In extreme scenarios, withdrawal timing is uncertain.
7. Portfolio margin risk
Hyperliquid's portfolio margin system is pre-alpha software. Unlike per-position margin, portfolio margin evaluates liquidation at the account level.
Specific risks:
Portfolio-level liquidation may behave unexpectedly under stress
Pre-alpha software may contain bugs
Not mitigated: Portfolio margin is new and not battle-tested at scale.
Summary: You can lose some or all of your deposit. The vault is experimental software operating on experimental infrastructure. Only deposit what you can afford to lose.
Related links
Security — how the vault protects your funds
FAQ — common questions about risks
Track Record — historical performance including drawdowns
Last updated
Was this helpful?