> For the complete documentation index, see [llms.txt](https://gitbook.mor.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gitbook.mor.org/smart-contracts/documentation/distribution-protocol/v7-protocol/risks.md).

# Risks

### **Upgradeability Risks**

Most contracts use the `UUPSUpgradeable` pattern. Mistakes during upgrades can lead to data loss or funds being locked.

### **Access Control Risks**

Many functions are protected by the `onlyOwner` modifier, concentrating power in a single address. If the owner's private key is compromised, an attacker could control all critical functions: changing parameters, withdrawing funds, or upgrading contracts.

### **External Dependency Risks**

The protocol relies on third-party contracts (Aave, Chainlink, Uniswap, LayerZero, Arbitrum bridges). Vulnerabilities, upgrades, or failures in these dependencies can lead to loss of funds or protocol downtime.

### **Oracle Risks**

The `ChainLinkDataConsumer` contract fetches prices via Chainlink. If the oracle is compromised or becomes unavailable, the protocol may use incorrect data, leading to faulty calculations, loss of funds, or attacks on protocol solvency.

### **Token Transfer and Approval Risks**

The use of `SafeERC20` and `TransferHelper` reduces, but does not eliminate, risks associated with non-standard token implementations (e.g., re-entrancy attacks, unexpected behavior). Errors in transfer logic can result in loss of funds.

### **Cross-Chain Risks**

Contracts like `L1SenderV2` and `L2TokenReceiverV2` interact with bridges and cross-chain messaging. This is a complex area where attacks on bridges, message delays, duplication, or loss can lead to funds being lost or locked.

### **Centralization and Governance Risks**

Centralized control over key parameters (oracles, pools, bridges) creates a single point of failure and the potential for abuse.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://gitbook.mor.org/smart-contracts/documentation/distribution-protocol/v7-protocol/risks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
