Potential Risks to Lenders

Bad Debt:

  • Risk:
    • The risk of debt accrued by underwater positions in case liquidators do not liquidate in time during a period of high market volatility.
  • Mitigation:
    • We have taken a cautious approach by setting each asset's key parameters based on their risk profiles. We also have provided enough incentive to liquidators to call and liquidate applicable positions. Hence, we believe this risk scenario is very unlikely to occur.

Timing of Asset Return:

  • Risk:
    • Delay in getting deposited asset back in case of the pool’s high level of utilization. Please note that borrowers can borrow the funds as long as they like and there is no fixed term for when the funds must be returned.
  • Mitigation:
    • We use a double-slope interest rate to optimize for 85% fund utilization. The steep increase in interest rate beyond the 85% utilization should incentivize more lenders to deposit funds and borrowers to return outstanding loans, optimizing the pool to stay at a flexible level below ~85%.

Potential Risks to Borrowers


  • Risk:
    • Once you borrow token from Alpaca Finance 2.0, you run the risk of being liquidated if price of the borrowed asset appreciates against the collateral. Your position will be liquidated when the Risk-adjusted liability value reaches Risk-adjusted collateral value. See Asset-Specific Parameters for more information
  • Mitigation:
    • This can be mitigated by borrowing at a low amount relative to your risk-adjusted collateral value, monitoring positions during volatile market conditions, and closing them before hitting the liquidation parameters.

Smart Contract Risks

  • Risk:
    • While our smart contracts have been audited by third-party firms, they could theoretically have vulnerabilities. Integrated 3rd-party platforms like the AMMs we build on can also carry smart contract risk.
  • Mitigation:
    • Having smart contracts audited by multiple professional third-party firms decreases the chance of vulnerabilities. You can find audit reports here.
    • We also run a bug bounty program to provide incentives for people to look for vulnerabilities in our live code as an extra layer to filter out any potential issues. More on that here.
    • We carefully screen any platforms we integrate with, only working with those that have been audited and shown a track record of good security.