# Smart Contract Risk

hBTC is implemented through a set of **Clarity smart contracts** deployed on the Stacks blockchain. The core vault architecture follows a **simple, ERC-4626–style vault design**, where user deposits mint proportional shares and withdrawals redeem assets based on net asset value.
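The proportional share accounting described above, as an added Python model that is not hBTC's Clarity code: the class name, the round-down rule (the ERC-4626 convention) and the amounts in sats are assumptions made for illustration. It shows deposits minting shares against NAV, redemptions paying out pro rata, and the invariants a test suite can assert to catch incorrect accounting.

```python
# Illustrative model only; names and rules are assumptions, not hBTC's Clarity code.
from dataclasses import dataclass, field

@dataclass
class VaultModel:
    total_assets: int = 0  # net asset value (NAV), in sats
    total_shares: int = 0
    balances: dict = field(default_factory=dict)

    def deposit(self, user: str, assets: int) -> int:
        """Mint shares proportional to NAV, rounding down in the vault's favour."""
        if assets <= 0:
            raise ValueError("deposit must be positive")
        if self.total_shares == 0:
            shares = assets  # empty vault: one share per sat
        elif self.total_assets == 0:
            raise ValueError("shares outstanding against zero NAV")
        else:
            shares = assets * self.total_shares // self.total_assets
        if shares == 0:
            raise ValueError("deposit too small to mint a share")
        self.total_assets += assets
        self.total_shares += shares
        self.balances[user] = self.balances.get(user, 0) + shares
        return shares

    def redeem(self, user: str, shares: int) -> int:
        """Burn shares for a pro-rata slice of NAV, rounding down."""
        if shares <= 0 or shares > self.balances.get(user, 0):
            raise ValueError("invalid share amount")
        assets = shares * self.total_assets // self.total_shares
        self.total_assets -= assets
        self.total_shares -= shares
        self.balances[user] -= shares
        return assets

    def report_nav(self, new_total_assets: int) -> None:
        """Yield or loss moves NAV; the share supply is unchanged."""
        if new_total_assets < 0:
            raise ValueError("NAV cannot be negative")
        self.total_assets = new_total_assets

    def check_invariants(self) -> bool:
        """Supply matches balances, and total claims never exceed NAV."""
        if sum(self.balances.values()) != self.total_shares:
            return False
        claims = sum(s * self.total_assets // self.total_shares
                     for s in self.balances.values() if s)
        return claims <= self.total_assets
```

Rounding down on both mint and redeem means a deposit followed by an immediate redemption can never return more than was put in, and a deposit too small to mint a share is rejected instead of being absorbed.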

Despite this conservative design approach, smart contract risk remains inherent and includes:

* **Code vulnerabilities:** Undiscovered bugs, logic errors, or edge cases in hBTC smart contracts could result in unexpected behavior, loss of funds, or incorrect accounting.
* **Integration risk:** hBTC interacts with external smart contracts (e.g., money markets, yield protocols). Vulnerabilities or failures in integrated contracts may adversely affect protocol operation.
* **Upgrade and configuration risk:** Although governance controls and timelocks are in place, contract upgrades or parameter changes may introduce new risks or unintended consequences.
* **Execution risk:** Smart contracts operate deterministically based on on-chain inputs; oracle failures, unexpected state transitions, or extreme market conditions could impact execution outcomes.

{% hint style="success" %}
To mitigate these risks, hBTC smart contracts have undergone **multiple independent security audits** conducted by experienced third-party firms.

*For additional details, see the* [*Audits documentation*](https://docs.hermetica.fi/hbtc/audits)*.*
{% endhint %}

{% hint style="info" %}
While audits and conservative design reduce risk, they do not eliminate the possibility of unforeseen vulnerabilities or failures.
{% endhint %}
