Risks
This page describes the risks associated with Doppler Vaults and the actions taken by Doppler Finance to mitigate and manage those risks.
We welcome any suggestions or details that could improve the protocol’s transparency. If you spot a risk we haven’t highlighted, please join our Discord and let the Doppler team know.
Legal Notice
This page highlights key risks but is not exhaustive. It does not constitute legal, financial, or tax advice.
Counterparty Risk
Description
Because Doppler Vaults operate through collaborations with multiple custodians and trading partners, they are exposed to ‘Counterparty risk’.
Counterparty risk is the risk of loss arising from other entities, including custodians (e.g., asset theft) and trading partners (e.g., trading losses or insolvency).
The following examples are representative counterparty risks faced by Doppler Finance.
Asset theft: Unauthorized access to or misappropriation of user funds held by a custodian. This can occur through external hacks (e.g. stolen private keys) or insider malfeasance (e.g. a rogue employee siphoning assets). In either case, once assets are removed from custody, they may be irrecoverable.
Trading losses: Losses incurred by a trading partner when an executed strategy performs poorly or market conditions move against positions. For example, a partner running a delta-neutral arbitrage could experience extreme volatility or funding-rate swings that exceed their risk buffers, forcing them to liquidate at a loss and leaving Doppler unable to reclaim the full principal plus expected yield.
Insolvency: The state in which a custodian or trading partner cannot meet its financial obligations—either because liabilities exceed assets or due to sudden cash-flow shortfalls. In an insolvency event, user funds may be tied up in legal proceedings, subject to creditor claims, or ultimately lost if the counterparty’s estate is insufficient to cover its debts.
How Doppler manages/mitigates Counterparty Risk
Doppler Finance manages counterparty risk through a layered approach across both custody and trading partner relationships:
Custody
We partner exclusively with industry-leading, audited custodians such as Fireblocks and Copper, ensuring best-in-class security protocols.
Assets held in custody may be subject to insurance coverage for specific risks, but this coverage is subject to exclusions, limitations, and the terms of each policy.
Trading Partners
We structure our allocations as principal-protected loans and focus on low-risk strategies, so that the principal remains safeguarded unless a partner faces total insolvency.
A rigorous, quantitative due diligence process evaluates each operator’s track record, strategy soundness, assets under management and overall insolvency risk before onboarding.
We enforce strict concentration limits and engage multiple trading partners across diverse strategies, significantly reducing the impact of any single partner’s failure.
Ongoing performance reviews and frequent risk checks allow us to monitor real-time metrics, and we promptly off-board any partner that falls below our defined performance or risk thresholds.
Liquidity Risk
Description
Doppler Vaults are exposed to ‘Liquidity risk’ because fund settlements can take time, and when redemption requests surge, they must rely on external markets whose liquidity can quickly dry up.
Liquidity risk is the risk of being unable to process client redemptions in a timely manner due to insufficient liquid assets.
How Doppler manages/mitigates Liquidity Risk
Doppler Finance employs a multi-layered approach to manage liquidity risk:
Liquid Allocation
We maintain at least 30% of our total portfolio in highly liquid, arbitrage-based “open loan” structures.
These open loans allow full recall and redemption within 24 hours, creating a reliable liquidity buffer for client redemptions.
Redemption Terms Aligned with Client Needs
Our open loan funds feature 24-hour settlement terms, comfortably supporting our standard 7-day redemption window.
With this, we aim to fulfill withdrawal requests in a timely manner under normal market conditions, but delays may occur during periods of high market stress or operational disruption.
Bridge Loan Partnerships
We have selected capital partners who provide bridge loans on favorable terms.
In the rare event of an unexpected redemption spike or temporary market dislocation, these bridge loans serve as a secondary source of liquidity, intended to help support timely redemptions. However, availability of such facilities is not guaranteed and may be impacted by market conditions or third-party factors.
Cybersecurity Risk
Description
Doppler Vaults are exposed to ‘Cybersecurity risk’ because they operate on interconnected digital systems and rely on both centralized infrastructure and smart contracts.
Cybersecurity risk is the risk of asset loss due to external cyberattacks, a breach of Doppler’s servers, or a security compromise on the client’s end (e.g., private key theft).
Representative examples include:
Backend Server Hack
The attacker could manipulate the backend to submit unauthorized withdrawal requests disguised as legitimate ones.
Custody Admin Hack
The attacker could modify custody settings or permissions to divert assets out of the secure vault.
Institution’s Private Key Hack
If an institution’s wallet keys are compromised, a seemingly valid withdrawal request could be executed, resulting in asset theft.
Smart Contract Vulnerability Exploit
An attacker could discover and exploit a bug in Doppler’s or a partner’s smart contract (e.g., reentrancy or logic flaw) to drain funds or lock up user assets.
How Doppler manages/mitigates Cybersecurity Risk
Backend Server Hack
Monitoring Method
Cross-verify all withdrawal requests against on-chain balances to detect any withdrawals exceeding a user’s actual holdings.
Response Plan
Backend Security Management: Store all service credentials in Google Secret Manager.
Automated Rejection: Any withdrawal request flagged as abnormal by our anomaly detector is automatically rejected and escalated.
Custody Admin Hack
Monitoring Method
Require multiple approvers for any custody-setting change. All proposed modifications trigger real-time notifications and await explicit approval before going live.
Response Plan
Hardware-Backed Admin Security: Store admin keys on sealed hardware modules and enforce 2FA on separate devices.
Multi-Sig Approval: A 3-of-6 multisignature scheme ensures that no single compromised key can alter custody settings or move funds.
Institution’s Private Key Hack
Monitoring Method
Leverage the 7-day withdrawal notice period to allow institutions to detect and report unauthorized access before final settlement.
Response Plan
Withdrawal Period Safeguard: Institutions can cancel any withdrawal request within 7 days if they suspect key compromise.
Anomaly Alerts: Any unusual interaction with Doppler (e.g., out-of-policy transaction patterns) triggers immediate alerts to both the institution and our security team.
IP Whitelisting: Only pre-approved IP addresses may initiate withdrawal requests on behalf of an institution.
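The withdrawal controls listed above (balance cross-check with automated rejection, IP allowlisting, and the 7-day notice period with cancellation) can be expressed as two checks. This is an added example, not Doppler's code: the data model, function names and sample values are assumptions, and counting still-open requests against holdings goes beyond what the page specifies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

NOTICE_PERIOD = timedelta(days=7)  # the 7-day withdrawal notice period

# Constructed sample data (assumed shapes, not Doppler's):
BALANCES = {"inst-a": 1_000}                 # on-chain holdings per institution
ALLOWLIST = {"inst-a": ["203.0.113.0/24"]}   # pre-approved source networks
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)

@dataclass
class Withdrawal:
    institution: str
    amount: int
    source_ip: str
    requested_at: datetime
    cancelled: bool = False

def screen_request(req, pending, balances=BALANCES, allowlist=ALLOWLIST):
    """Return rejection reasons; an empty list admits the request to the notice queue."""
    reasons = []
    held = balances.get(req.institution, 0)
    # Requests still in their notice period already reserve part of the holdings.
    reserved = sum(p.amount for p in pending
                   if p.institution == req.institution and not p.cancelled)
    if req.amount <= 0:
        reasons.append("non-positive amount")
    elif req.amount + reserved > held:
        reasons.append("amount exceeds on-chain holdings")
    try:
        addr = ip_address(req.source_ip)
        allowed = any(addr in ip_network(n)
                      for n in allowlist.get(req.institution, []))
    except ValueError:
        allowed = False  # a malformed address is treated as not allowlisted
    if not allowed:
        reasons.append("source IP not on allowlist")
    return reasons

def can_settle(req, now):
    """Settle only after the full notice period, never if the institution cancelled."""
    return not req.cancelled and now - req.requested_at >= NOTICE_PERIOD
```

Any non-empty result from `screen_request` corresponds to the automated rejection and escalation path; `can_settle` is evaluated again at settlement time so a cancellation made on day 6 still blocks the payout.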
Smart Contract Vulnerability Exploit
As a proactive safeguard, all smart contracts undergo comprehensive security audits by top-tier audit firms—while audits help identify potential vulnerabilities, no audit can guarantee complete security.
In the event of an exploit, Doppler may pause affected systems, disable contracts, and initiate emergency mitigation procedures.
Affected users will be notified via communication channels. Doppler will conduct a post-mortem review and transparently publish findings.