Risks & FAQ
Please read this before using NFT Loans. DeFi carries risks. This page explains what could go wrong.
Risk Summary
| Risk | Severity | Who's Affected |
|---|---|---|
| Smart contract bugs | High | Everyone |
| Borrower cheats (Deposit mode) | Medium | Lenders |
| NFT floor price drops | Medium | Lenders |
| Borrower defaults | Medium | Borrowers |
| Admin key compromise | Medium | Everyone |
| Ethereum network issues | Low | Everyone |
Smart Contract Risks
The Contracts Could Have Bugs
Despite testing, there could be undiscovered vulnerabilities:
- Funds could be locked permanently
- NFTs could be stolen
- Unexpected behavior under edge cases
Mitigation:
- Code is open source
- Tests cover major flows
- Timelock on admin functions
- (Audit status: pending)
Upgrade Risks
The contracts are NOT upgradeable. This is intentional—it prevents the admin from changing the rules. But it also means bugs can't be easily fixed.
Dependency Risks
We depend on:
- OpenZeppelin contracts (well-audited)
- Safe wallet contracts (well-audited)
- Ethereum itself
Issues in these could affect us.
Safe Guard Mode Risks
Guard Bypass
If there's a way to bypass the Guard, borrowers could transfer locked NFTs.
Mitigations:
- We check for existing modules before allowing loans
- We check for existing approvals
- 24-hour activation delay catches setup issues
Module Exploitation
If the Liquidation Module has bugs, it could:
- Fail to execute valid liquidations
- Execute invalid liquidations
- Transfer wrong NFTs
Mitigations:
- Module is extremely limited in scope
- Can only transfer specific NFT to specific recipient
- Only callable by NFT Loans Core
Safe Wallet Vulnerabilities
If Safe itself has vulnerabilities, all bets are off. This is an external dependency risk.
Deposit Mode Risks
Borrower Cheating
Borrowers CAN cheat by transferring NFTs or revoking approval. The deposit provides partial compensation but may not cover the lender's loss.
For Lenders:
- Price Deposit mode loans accordingly (higher rates)
- Consider only accepting Safe Guard mode
- Monitor your loans
Slow Detection
If cheating isn't reported quickly, the borrower gets away with it for longer. There's no automated monitoring (yet).
Insufficient Deposit
The 20% deposit may not cover lender losses if:
- NFT floor is much higher than loan amount
- Market moves quickly
Economic Risks
NFT Floor Price Collapse
If the floor drops below the loan principal:
- Lender may not want to liquidate
- Lender takes a loss even with liquidation
For Lenders:
- Don't lend at high LTV
- Diversify across loans
- Only lend against collections you understand
Interest Rate Risk
Fixed rates mean:
- Lenders: If market rates rise, you're stuck at lower rate
- Borrowers: If market rates fall, you're stuck at higher rate
Liquidity Risk
NFTs are illiquid. If you receive one through liquidation, selling it quickly may mean accepting a price below floor.
Operational Risks
Admin Key Compromise
The admin (owner) can:
- Set floor prices for additional collateral
- Approve new collections
- Pause the protocol
- Change fee recipient
Mitigations:
- 24-hour timelock on sensitive functions
- Admin should be a multisig (recommended)
- Admin CANNOT withdraw user funds/NFTs
Oracle/Price Manipulation
Floor prices for additional collateral are admin-set. A malicious admin could:
- Set artificially high prices to enable over-borrowing
- Set artificially low prices to under-value collateral
Mitigation:
- Timelock delay on price changes
- Community can monitor announced changes
Keeper Failures
If keepers don't call:
- activateLoan() - Loans stay pending (borrower doesn't get funds)
- liquidate() - Defaults aren't processed (lender waits)
- reportCheating() - Cheaters aren't punished
Anyone can call these functions, so the community can step in.
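The two cases above that depend on someone noticing (Deposit-mode cheating under Slow Detection, and overdue loans under Keeper Failures) can be checked off-chain with a small triage routine. This is an added example, not NFT Loans code: the `loan` and `snap` field names, the `operator` address the borrower approved, and the strict "later than maturity + 24 hours" comparison are assumptions. Only the ERC-721 reads (`ownerOf`, `getApproved`, `isApprovedForAll`) and the function names `reportCheating` and `liquidate` come from the standard and this page.

```javascript
// Added example, not NFT Loans code. Field names on `loan` and `snap` are hypothetical.
const GRACE_SECONDS = 24 * 60 * 60; // 24-hour grace period after maturity (from this page)
const ZERO = "0x0000000000000000000000000000000000000000";

// Addresses are case-insensitive hex, so compare them normalised.
const same = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();

// snap holds ERC-721 reads taken at one block:
//   owner          = ownerOf(tokenId)
//   approved       = getApproved(tokenId)
//   approvedForAll = isApprovedForAll(borrower, operator)
//   blockTime      = that block's timestamp in seconds
function collateralProblems(loan, snap) {
  const problems = [];
  if (!same(snap.owner, loan.borrower)) problems.push("nft-transferred");
  const approved = same(snap.approved, loan.operator) || snap.approvedForAll === true;
  if (!approved) problems.push("approval-revoked");
  return problems;
}

// Decide which permissionless call, if any, is due for one active loan.
function triage(loan, snap) {
  if (loan.mode === "deposit") {
    const problems = collateralProblems(loan, snap);
    if (problems.length > 0) return { call: "reportCheating", reasons: problems };
  }
  // Assumption: liquidation opens strictly after maturity plus the grace period.
  if (snap.blockTime > loan.maturity + GRACE_SECONDS) {
    return { call: "liquidate", reasons: ["past-grace-period"] };
  }
  return { call: null, reasons: [] };
}

// Constructed sample data (addresses and times are made up).
const BORROWER = "0x00000000000000000000000000000000000000B0";
const OPERATOR = "0x00000000000000000000000000000000000000C0";
const OTHER = "0x00000000000000000000000000000000000000D0";
const loan = { id: 1, mode: "deposit", borrower: BORROWER, operator: OPERATOR, maturity: 1700000000 };

function demo() {
  const healthy = { owner: BORROWER.toLowerCase(), approved: OPERATOR, approvedForAll: false, blockTime: loan.maturity - 3600 };
  const moved = { ...healthy, owner: OTHER, approved: ZERO }; // ERC-721 clears per-token approval on transfer
  const revoked = { ...healthy, approved: ZERO };
  const overdue = { ...healthy, blockTime: loan.maturity + GRACE_SECONDS + 1 };
  return [healthy, moved, revoked, overdue].map((s) => triage(loan, s).call);
}

console.log(demo());
```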
User Risks
Lost Keys
If you lose access to your wallet:
- Borrowers: Can't repay, will default
- Lenders: Can't access repayments (they are still sent to your address)
Wrong Address
Sending to wrong addresses is irreversible. Double-check everything.
Phishing
Fake sites could steal your funds. Always verify:
- Contract addresses
- URL
- Transaction details
Frequently Asked Questions
General
Q: Is this audited? A: Audit status: [pending/completed]. Check the security page for details.
Q: Who runs this? A: [Your team/DAO info]
Q: Is the code open source? A: Yes. GitHub: [link]
Q: What are the fees? A: 2.5% of interest (not principal). No fees for lenders.
Q: What blockchains are supported? A: Ethereum mainnet only.
For Borrowers
Q: Will I lose my TDH? A: No! Your NFT stays in your wallet, so TDH continues accruing.
Q: What if I can't repay on time? A: You have a 24-hour grace period after maturity. After that, your NFT can be liquidated.
Q: Can I repay early? A: Yes. Interest is calculated based on actual time, so early repayment saves money.
Q: What happens to my deposit if I repay? A: It's returned in full.
Q: Can I extend my loan? A: Not currently. You'd need to repay and take a new loan.
Q: What if ETH price changes? A: Loans are denominated in ETH. Price changes affect what you can buy with borrowed ETH, but repayment is always in ETH terms.
For Lenders
Q: What returns can I expect? A: Interest rates are set by the market (you or the borrower). Typical ranges:
- Safe Guard: 5-15% APR
- Deposit: 15-30% APR
Q: What if the borrower defaults? A: You receive the NFT collateral (and deposit for Deposit mode). You can sell it or keep it.
Q: Can borrowers cheat me? A: In Safe Guard mode, no—the NFT is truly locked. In Deposit mode, technically yes, but they lose their deposit.
Q: How do I know if a borrower is cheating? A: Check if they still own the NFT and if approval is still valid. Or rely on community monitoring.
Q: What if nobody liquidates a defaulted loan? A: You can do it yourself. Anyone can call liquidate().
Technical
Q: What Safe version is supported? A: Safe v1.3.0 and above.
Q: Can I use a Safe with other modules? A: No. For security, we require exactly one module (our Liquidation Module).
Q: What NFT standards are supported? A: ERC-721 only. ERC-1155 is not supported.
Q: Are the contracts upgradeable? A: No. This is intentional for security.
Q: What's the timelock delay? A: 24 hours minimum for admin functions.
Edge Cases
Q: What if the borrower dies/loses keys during a loan? A: The loan will default. Lender receives collateral.
Q: What if Ethereum forks? A: Loans exist on whichever chain the contracts are deployed on. We'd communicate about which chain to use.
Q: What if there's a long network outage? A: Maturity and grace periods are based on block timestamps. An outage could delay repayments and liquidations.
Q: What if gas prices spike? A: Transactions may become expensive. Plan for this, especially near maturity.
Q: What if the NFT contract is upgraded/migrated? A: The loan references the original contract address. Migration could make the collateral worthless. Understand the NFT project's upgrade policies.
Things We CAN'T Protect Against
- Smart contract bugs (unknown unknowns)
- Ethereum consensus failures
- User errors (wrong addresses, lost keys)
- NFT project rugs (worthless collateral)
- Extreme market events (flash crashes)
- Legal/regulatory actions
- Compromised admin keys (mitigated by timelock)
Best Practices
For Borrowers
- Use Safe Guard Mode if possible
- Borrow conservatively (low LTV)
- Repay early if possible
- Set reminders before maturity
- Keep ETH for repayment available
- Revoke approvals after repayment
For Lenders
- Prefer Safe Guard Mode loans
- Diversify across multiple loans
- Don't lend at high LTV
- Monitor your Deposit mode loans
- Understand the NFT collections
- Price risk appropriately
Disclaimer
NFT Loans is experimental software. By using it, you accept all risks. We are not responsible for:
- Lost funds or NFTs
- Smart contract failures
- Market losses
- Any other damages
Do your own research. Only use funds you can afford to lose.