Alpha Homora Risk Assessment

This is the risk assessment conducted by Iron Bank team for providing credit limit to Alpha Homora on Optimism. (Sept 8, 2022)


A. Is the cashflow deterministic?

  1. The destination of the fund is determined by Homora Spells. Fund destinations can be whitelisted by governance.

  2. Currently only UniswapV3Spell is whitelisted

    • UniswapV3Spell handles the core logic of integration with UniswapV3. When a user opens or closes a leveraged position, this contract in turn deposits tokens into or withdraws tokens from UniswapV3.

    • After UniswapV3Spell adds liquidity to Uniswap V3 (line 105), the received UniswapV3 NFT is stored in an ERC1155 wrapper contract (WUniswapV3Position, line 122) which mints a corresponding ERC1155 NFT, which is stored in HomoraBank contract, representing the collateral backing the created leveraged position. (line 125)

    • Note that in order to withdraw the UniswapV3 NFT from WUniswapV3Position, one has to burn the corresponding ERC1155 NFT. Currently only UniswapV3Spell is allowed to take the ERC1155 NFT from HomoraBank (line 672, inExec modifier), when UniswapV3Spell._removeLiquidity (line 392 below) is called.

B. Is IronBank debt senior debt?

  1. Whenever a leveraged position is closed (either due to liquidation or user actions), UniswapV3Spell._removeLiquidity is called to handle the key action of removing liquidity from Uniswap V3.

  2. To understand whether Iron Bank has first-priority claims for funds that are owed, we examine where funds go whenever tokens are withdrawn from Uniswap V3 LP.

  3. UniswapV3Spell._removeLiquidity withdraws tokens from UniswapV3 Position on line 395 and then calculates the amount owed to Iron Bank on line 409 and 412

  4. The function then repays the owed amount, concluding the _removeLiquidity operation.

  5. The sequence of function calls within doRepay are bank.repay → bank.repayInternal → bank.doRepay → ICToken.repayBorrow.

  6. Therefore, users can rest assured that whenever an LP position is withdrawn from Uniswap V3, anything owed to Iron Bank is repaid first.

Smart Contract Risk

Audit report

Do audits reveal any concerning signs?

  • Trust Issue of Admin keys Admin key is held by a 4/6 multisig owned by both Alpha and Iron Bank team members. Details of admin operations are listed in Admin Controls.

Price Oracle

Decentralized oracle Chainlink and Band are used when calculating Uniswap v3 LP value.

Position management

  • 3~5% liquidation incentive for rapid liquidation

  • All active positions can be found here:

Admin Controls


  • ProxyAdmin - 0xb0bBa70Beb9D536F1A19d9e2AD6160cE6acfF1EC owned by governor upgrade implementation of proxy contracts

  • exec - 0xCDE30CC7502290a6B8827254810F4C852f5f3EE6 handles more serious functionality, e.g. changing price oracle

  • governor - 0x9EF9BDC43D239CfEE29A8a568a41574C14DC2C49 adding spell, set credit limits, etc.


  • upgradable contracts - ProxyAdmin

    • SafeBox

    • SafeBoxNative

    • StakingsafeBox

    • StakingSafeBoxNative

    • WUniswapV3Position

  • change oracle - exec This is a high risk operation which may break the system, therefore exec access level is required.

  • add new spell - governor As long as the oracle reports the correct price, even if the spell is malicious, the bank will always guarantee that in the end, the collateral > borrow with some buffers.

  • setCreditLimits - governor Giving whitelisted users the ability to do leverage farming via integration contract. Debt ratio will still be checked.

Last updated