Audit findings, protocol risks, and user entry scenarios.
Every finding from the Zellic report (Jan 19, 2026). No Critical or High severity issues. 3 Medium, 2 Low, and 6 Informational. Click a row to expand.
redeem, redeemEarly, and getBondInfo used the global terms.vestingTerm, so an owner change could retroactively shift maturity and early-exit settlement for existing bonds. Switched to per-bond vesting.
Concrete scenarios where user capital can shrink even when the protocol works as designed, and the guardrails for each.
You buy RBT spot while premium is large (around 3× NAV today) and BAM pulls price down to near-NAV.
Convergence to NAV means a large loss versus your entry. NAV trends upward over time, but recovering to your entry takes a while.
When the Live page verdict reads bond-only or overvalued, avoid spot buys and enter through a bond instead.
RBT market price falls faster than the bond's effective entry during the vesting window.
RBT received at maturity is worth less in market price than the USDm cost at commit. NAV survives, but market price can temporarily sit near NAV.
Only enter when the discount is above average, and check market price weekly while the bond is open.
Once sRBT is committed, you cannot pull capital out before maturity. Early exit incurs a penalty.
If an urgent cash need shows up, you either eat the penalty or wait until maturity.
Only commit capital you genuinely will not need. 24 weeks is roughly 6 months, 52 weeks is 1 year.
You post RBT as collateral on external lending and borrow USDm, then RBT market price drops sharply.
If LTV crosses the liquidation threshold, you get auto-liquidated and lose part or all of the collateral. POL and BAM eventually defend price, but liquidation happens immediately.
Keep LTV conservative under 40%. If price moves alone push it to 50%, deleverage immediately.
Parameters like the Lock distribution curve, bond discounts, or BAM slippage get changed by governance.
Reward at maturity for existing committed capital can shrink, or new-round entry efficiency can shift. The docs state every maturity curve and cap is at governance discretion.
Check the governance forum quarterly. If a distribution-reduction direction is decided, pause new commits.
Protocol-level risks listed on docs.blackhaven.xyz, with the mitigations in place.
Every DeFi protocol carries contract vulnerability risk. Even after an external audit, undiscovered issues can remain.
RBT market price can dip below backing value (NAV) for periods. The docs also note that Genesis Phase 1 charges a 10% protocol fee at bond commit, so RBT backing can run lower than 1-to-1.
The protocol relies on price oracles. Oracle manipulation or stale responses can affect NAV, bond pricing, and BAM premium capture.
Bonds are fixed-term products. The docs spell out the following risks.
This page summarizes Zellic's public report and the Risks section of docs.blackhaven.xyz. It is not a final recommendation. Please verify the docs, the original report, and the current contract state directly before allocating capital.
