Risk Disclosures

Collateral & custodyCollateral sits segregated in one vault, never on CRX's balance sheet.
Smart contract riskA bug is possible; deterministic, loop-free code narrows the surface.
Oracle riskBoth prices read Pyth, guarded by staleness and confidence breakers.
Counterparty riskEvery position is fully collateralized; the closed-out party pays first.
Close-out riskAn unmet cure window or a fall through the maintenance margin closes the position against its posted collateral.

Trading on CRX carries risk. This page names each risk and what secures it. The list is not exhaustive, and nothing here is investment advice.

WarningSandbox environment. CRX runs today in a Sandbox on Base Sepolia, where balances and settlements carry no production value. An independent security review is underway; until its reports publish, treat each property below as a stated design property. Do not commit value that cannot be afforded to lose.

Collateral & custody

All collateral sits in one on-chain vault, keyed by relationship: segregated, non-rehypothecable, never on CRX's balance sheet, and moved only on validated on-chain proof. The protocol is deployed as a core contract and two engine contracts that share one state and act as one, detailed in CRX (~10 min). The keys are held by a multisig across parties with something at stake.

Smart contract risk

A contract could carry a bug. The design narrows the surface:

Deterministic. The same inputs always produce the same result; the code never loops over stored lists or branches on who is calling.
No growing on-chain lists. Position and asset sets are passed in with each call and checked by count and membership, leaving no call able to run an unbounded loop.
One state across contracts. A core contract and two engine contracts share one state and run as one. The full surface is in CRX (~10 min).

Oracle risk

The mark and the fixing both read Pyth, a price oracle published directly by major trading firms and exchanges and relied on across institutional DeFi. Each price is signed at the source and weighted by publisher confidence, leaving a thin or mispriced quote all but ignored. CRX guards it further:

FX rate. A print older than 30 seconds (MAX_MARK_AGE) is rejected, raising StaleMark.
Collateral prices. A collateral price older than ten minutes is valued at zero, never trusted stale.
Confidence-band breaker. A print the publishers disagree on is refused, and the mark falls back to the EMA.
Missing or mis-scaled feed. A missing or mis-scaled feed fails loud and halts the path that needed it.

If Pyth is unavailable for a pair, trades on it cannot mark or settle until it returns: no trade runs on a price the guards reject. See Oracle (~3 min).

Counterparty risk

Every position settles against collateral locked in the contract, never against a promise. Two structural properties secure it:

Non-custodial collateral. The taker's margin is held by the contract, segregated, never on CRX's balance sheet, and moved only on validated on-chain proof. No counterparty failure can strand it.
The closed-out party pays first. Its loss is taken from its own estate (the locked margin behind its positions, then its margin account pro-rata) before any residual is carried. Any residual the estate cannot cover is borne by CRX, with ISDA recovery as the legal claim.

The loss is absorbed in a fixed order, each tranche reached only when the one before is exhausted:

Close-out risk

Two triggers close a position out, whichever comes first: a margin call left unmet at the end of its 48-hour cure window, or a fall through the maintenance margin — 60% of initial margin as the standard term. Marking never pauses: variation margin settles continuously through the window, and gains on the firm's other positions keep counting toward the call. On either trigger the risk engine reduces the book, closing positions at the oracle mark and paying the other side from the closed-out party's collateral: the position's locked initial margin first, then its margin account.

Each trading relationship resolves as one netting set — a single net amount, in the payment order above. A proven shortfall across the closed-out party's whole estate closes its whole book. The model: The Risk Engine (~3 min). The full procedure, step by step, is on-chain code: CRX contract reference (~10 min).

Glossary

Term	Meaning
EMA	Exponential moving average of the Pyth price: the fallback rate the oracle uses when the live spot's confidence band is too wide to trust.
Locked initial margin	A party's initial margin, locked behind one position.
VM	Variation margin: the automatic on-chain debit that clears P&L as the rate moves.

Learn more about CRX for your businessBook a 30-minute demo with the team

Risk Disclosures

Collateral & custodyCollateral sits segregated in one vault, never on CRX's balance sheet.
Smart contract riskA bug is possible; deterministic, loop-free code narrows the surface.
Oracle riskBoth prices read Pyth, guarded by staleness and confidence breakers.
Counterparty riskEvery position is fully collateralized; the closed-out party pays first.
Close-out riskAn unmet cure window or a fall through the maintenance margin closes the position against its posted collateral.

Trading on CRX carries risk. This page names each risk and what secures it. The list is not exhaustive, and nothing here is investment advice.

WarningSandbox environment. CRX runs today in a Sandbox on Base Sepolia, where balances and settlements carry no production value. An independent security review is underway; until its reports publish, treat each property below as a stated design property. Do not commit value that cannot be afforded to lose.

Collateral & custody

Smart contract risk

A contract could carry a bug. The design narrows the surface:

Deterministic. The same inputs always produce the same result; the code never loops over stored lists or branches on who is calling.
No growing on-chain lists. Position and asset sets are passed in with each call and checked by count and membership, leaving no call able to run an unbounded loop.
One state across contracts. A core contract and two engine contracts share one state and run as one. The full surface is in CRX (~10 min).

Oracle risk

FX rate. A print older than 30 seconds (MAX_MARK_AGE) is rejected, raising StaleMark.
Collateral prices. A collateral price older than ten minutes is valued at zero, never trusted stale.
Confidence-band breaker. A print the publishers disagree on is refused, and the mark falls back to the EMA.
Missing or mis-scaled feed. A missing or mis-scaled feed fails loud and halts the path that needed it.

If Pyth is unavailable for a pair, trades on it cannot mark or settle until it returns: no trade runs on a price the guards reject. See Oracle (~3 min).

Counterparty risk

Every position settles against collateral locked in the contract, never against a promise. Two structural properties secure it:

Non-custodial collateral. The taker's margin is held by the contract, segregated, never on CRX's balance sheet, and moved only on validated on-chain proof. No counterparty failure can strand it.
The closed-out party pays first. Its loss is taken from its own estate (the locked margin behind its positions, then its margin account pro-rata) before any residual is carried. Any residual the estate cannot cover is borne by CRX, with ISDA recovery as the legal claim.

The loss is absorbed in a fixed order, each tranche reached only when the one before is exhausted:

Close-out risk

Glossary

Term	Meaning
EMA	Exponential moving average of the Pyth price: the fallback rate the oracle uses when the live spot's confidence band is too wide to trust.
Locked initial margin	A party's initial margin, locked behind one position.
VM	Variation margin: the automatic on-chain debit that clears P&L as the rate moves.

Learn more about CRX for your businessBook a 30-minute demo with the team

1Collateral & custody

2Smart contract risk

3Oracle risk

4Counterparty risk

5Close-out risk

6Glossary

1Collateral & custody

2Smart contract risk

3Oracle risk

4Counterparty risk

5Close-out risk

6Glossary

Collateral & custody

Smart contract risk

Oracle risk

Counterparty risk

Close-out risk

Glossary

Collateral & custody

Smart contract risk

Oracle risk

Counterparty risk

Close-out risk

Glossary