This page covers the security properties you can reference for compliance and due diligence. Aera, a Gauntlet product, uses audited smart contracts, constrained roles, and on-chain enforcement to limit risk. The protocol has had zero exploits since launch.

Audits

The Aera V3 protocol contracts powering Gauntlet vaults have been reviewed by multiple independent firms:
| Auditor      | Scope                   | Type              | Notes                                                                       |
|--------------|-------------------------|-------------------|-----------------------------------------------------------------------------|
| Spearbit     | Aera V3 core contracts  | Audit (June 2025) | Comprehensive review of BaseVault, hooks, provisioner, and guardian patterns |
| OpenZeppelin | Aera V3 contracts       | Audit             | Core vault and access control logic                                         |
| Cantina      | Aera V3 contracts       | Competitive audit | Community security competition with multiple independent reviewers          |
| Immunefi     | Ongoing                 | Bug bounty        | Active bounty program for responsible disclosure                            |
Audit reports are published by the Aera protocol team. For the latest reports, see the Aera security documentation.

Gauntlet Risk Management

Aera is built and operated by Gauntlet, which has managed risk across 100+ DeFi protocols covering $48B+ in digital assets. Gauntlet operates as the guardian for Aera vaults, bringing institutional-grade risk infrastructure to vault operations:
  • Real-time monitoring — Gauntlet’s risk systems continuously evaluate market conditions, protocol health, and portfolio exposures to inform guardian operations.
  • On-chain enforcement — Risk constraints are enforced at the protocol level via the guardian model and hooks. Constraint violations revert within the same transaction — there is no delay between detection and enforcement.
  • Curation methodology — Markets and protocols are evaluated against smart contract risk, liquidity risk, oracle risk, and counterparty risk before inclusion in any vault’s allocation set. See Curation.

Trust Assumptions

| Participant | Trusts                                                                  | Verified On-Chain                          |
|-------------|-------------------------------------------------------------------------|--------------------------------------------|
| Depositor   | Vault owner to set safe constraints; guardian to operate competently    | Hook validation, share accounting          |
| Vault Owner | Guardian to follow strategy; hooks to enforce rules                     | Hook execution, Merkle proof validation    |
| Guardian    | Hooks to validate correctly; DeFi protocols to behave as expected       | Operation execution through vault contract |
What is not trustless: Strategy quality depends on Gauntlet’s off-chain risk analysis. Guardian liveness is required for active management (depositors can still withdraw if a guardian goes offline). Merkle tree updates are a governance action, not automated.

Circuit Breakers

  • Pause — Vault owner or any guardian can halt all guardian operations within a single block, while preserving depositor withdrawals. No governance vote or timelock required.
  • Hook-level guards — Individual hooks can reject operations when prices or exposures deviate beyond thresholds. Enforcement is synchronous — violations revert the transaction before any state change.
  • Multi-guardian isolation — Vaults support multiple guardians with independent permission sets. Compromising one guardian does not grant access to another’s operations.
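As an added illustration (a Python model written for this page, not Aera's contracts), the enforcement path the trust-assumption table and the circuit breakers above describe: each guardian submits against its own Merkle allowlist, a hook-style exposure guard runs after every operation, and any failure discards the whole batch before state changes. The guardian names, the 50% threshold and the sample exposures are constructed.

```python
import hashlib
from dataclasses import dataclass

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def pair_hash(a: bytes, b: bytes) -> bytes:
    return h(*sorted((a, b)))  # order-independent, so proofs carry no left/right flags

def leaf(target: str, selector: str) -> bytes:
    return h(target.encode(), b"|", selector.encode())  # one allowed (contract, function)

def merkle(level: list[bytes], i: int) -> tuple[bytes, list[bytes]]:
    proof = []  # sibling path proving leaf i sits under the returned root
    while len(level) > 1:
        level = level + level[-1:] if len(level) % 2 else level  # duplicate odd tail
        proof.append(level[i ^ 1])
        level = [pair_hash(level[j], level[j + 1]) for j in range(0, len(level), 2)]
        i //= 2
    return level[0], proof

def verify(root: bytes, node: bytes, proof: list[bytes]) -> bool:
    for sibling in proof:
        node = pair_hash(node, sibling)
    return node == root

@dataclass
class Vault:
    exposure: dict[str, float]  # asset -> value in one unit (constructed sample state)
    roots: dict[str, bytes]     # guardian -> Merkle root of that guardian's own allowlist
    max_share: float = 0.5      # hook threshold (assumed): no asset above 50% of the vault
    paused: bool = False

    def submit(self, guardian: str, ops: list) -> dict[str, float]:
        """ops: [(target, selector, delta, proof)], applied all-or-nothing like one tx."""
        if self.paused:
            raise PermissionError("vault paused: guardian operations halted")
        if guardian not in self.roots:
            raise PermissionError(f"{guardian}: not a guardian of this vault")
        staged = dict(self.exposure)  # work on a copy; commit only after every check
        for target, selector, delta, proof in ops:
            if not verify(self.roots[guardian], leaf(target, selector), proof):
                raise PermissionError(f"{guardian}: {target}.{selector} not in allowlist")
            for asset, d in delta.items():
                staged[asset] = staged.get(asset, 0.0) + d
            total = sum(staged.values())  # hook-level guard: whole batch reverts on breach
            if any(v / total > self.max_share for v in staged.values()):
                raise ValueError(f"{target}.{selector}: exposure limit exceeded")
        self.exposure = staged  # commit, reached only if nothing reverted
        return self.exposure
```

A guardian holding a valid proof from another guardian's tree is still rejected, because the vault checks the proof against the submitting guardian's own root; a batch whose second operation breaches the guard leaves the exposure exactly as it was before the first operation.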
For the full contract security model, see Aera V3 Guardian Model, Aera V3 Hooks, and Contract Reference.