Security & Compliance

Security

Mystic Finance is a fork of Aave V3, which has processed billions in TVL and has undergone rigorous audits by several leading auditing firms, namely ABDK, Sigma Prime, Certora, PeckShield, Trail of Bits and OpenZeppelin. All audits can be seen here.

All new features we release that are not covered by these audits will undergo an audit before going to production. The first feature that will undergo an audit before going live is the permissioning of pools.

Compliance

There are two main areas where we take special care with regard to compliance:

  • Permissioning - we must ensure only eligible parties ever hold RWAs on Mystic. To do so, we set different accessibility requirements for each pool based on the requirements of its assets (e.g. only non-US investors can access a pool). These requirements differ per pool: some pools are permissionless (because their assets are too), some are fully permissioned (either because of borrower/lender preference or asset requirements) and some are semi-permissioned (if there are liquidators in the pool then lenders never hold the asset, meaning they don’t need to KYC).

  • Custody - this is the main regulatory aspect we must solve for at Mystic - if securities are deposited on our protocol, doesn’t that mean we’re custodying the assets? Our solution to this is a key part of Mystic’s USP and of the innovation we bring to the table - the whole protocol is being developed together with a custodian, so that whenever an asset is locked/deposited on our protocol, it’s automatically being held by a custodian. This combination of centralisation and decentralisation is what makes Mystic so appealing and what makes us so uniquely positioned to bridge TradFi and DeFi.
