# Risks ### **Upgradeability Risks** Most contracts use the `UUPSUpgradeable` pattern. Mistakes during upgrades can lead to data loss or funds being locked. ### **Access Control Risks** Many functions are protected by the `onlyOwner` modifier, concentrating power in a single address. If the owner's private key is compromised, an attacker could control all critical functions: changing parameters, withdrawing funds, or upgrading contracts. ### **External Dependency Risks** The protocol relies on third-party contracts (Aave, Chainlink, Uniswap, LayerZero, Arbitrum bridges). Vulnerabilities, upgrades, or failures in these dependencies can lead to loss of funds or protocol downtime. ### **Oracle Risks** The `ChainLinkDataConsumer` contract fetches prices via Chainlink. If the oracle is compromised or becomes unavailable, the protocol may use incorrect data, leading to faulty calculations, loss of funds, or attacks on protocol solvency. ### **Token Transfer and Approval Risks** The use of `SafeERC20` and `TransferHelper` reduces, but does not eliminate, risks associated with non-standard token implementations (e.g., re-entrancy attacks, unexpected behavior). Errors in transfer logic can result in loss of funds. ### **Cross-Chain Risks** Contracts like `L1SenderV2` and `L2TokenReceiverV2` interact with bridges and cross-chain messaging. This is a complex area where attacks on bridges, message delays, duplication, or loss can lead to funds being lost or locked. ### **Centralization and Governance Risks** Centralized control over key parameters (oracles, pools, bridges) creates a single point of failure and the potential for abuse. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://gitbook.mor.org/smart-contracts/documentation/distribution-protocol/v7-protocol/risks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.