The protocol

Three contracts. One treasury. Zero admin keys.

Your Business is intentionally small. The whole protocol is three composable contracts and a registry — no proxies, no upgradeable storage, no privileged callers. Every parameter is set by on-chain governance and executed by timelock. This page documents what's actually deployed.

Architecture

The diagram is the source of truth.

┌─────────────────────────────────────────────────────────────────────┐
│                      Your Business PROTOCOL v3                      │
├─────────────────────────────────────────────────────────────────────┤
│     USER                   DAO               STRATEGY DEVS          │
│  ┌───────────┐         ┌──────────┐         ┌──────────────┐        │
│  │ VAULT.SOL │ ◄────── │ GOV.SOL  │ ──────► │ REGISTRY.SOL │        │
│  │           │ routes  │ timelock │ approves│ whitelist    │        │
│  └─────┬─────┘ fees    └──────────┘ + risk  └──────┬───────┘        │
│        │                                           │                │
│  ┌─────────────────────────────────────────────────────────┐        │
│  │ STRATEGY CONTRACTS (142)                                │        │
│  │ eth-staking · cdp-loop · perp-mm · 139 more...          │        │
│  └─────────────────────────────────────────────────────────┘        │
│  # NO PROXIES · NO ADMIN · NO UPGRADE PATH FOR DEPLOYED VAULTS      │
│  # GOV CHANGES TAKE 7 DAYS TIMELOCK · GUARDIAN CAN VETO ONLY        │
└─────────────────────────────────────────────────────────────────────┘

Vault.sol is the user-facing contract. It holds deposits, mints share tokens (basinETH, basinUSDC, etc.), and routes assets to whitelisted strategies. Vaults are non-upgradeable — once deployed, the bytecode is frozen. There is no migration function, no admin role, no recovery path. If governance wants to deprecate a vault, they vote to pause new deposits and let it wind down.

Gov.sol is the governance module. It accepts proposals from any address holding ≥0.1% of $BSN (currently ≈100k tokens), runs a 5-day vote, and executes successful proposals through a 7-day timelock. The timelock cannot be bypassed. A 5-of-9 multisig of community guardians can veto a proposal during timelock — they cannot enact one.

Registry.sol maintains the list of approved strategy contracts that vaults are allowed to call. Adding a strategy requires a governance vote. Removing one requires a vote, or — for emergencies — a guardian veto on its current allocation.

These three contracts and a small periphery (helpers, multicall, view) are the entirety of the protocol surface. Total ~2,400 lines of Solidity, audited by six firms across three rounds. Every bytecode hash is verified against the deployed addresses on Etherscan, Basescan, and Arbiscan.
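The Gov.sol lifecycle described above, modeled off-chain in Python as an added example (this is not the protocol's Solidity). It encodes the stated numbers (0.1% proposal threshold, 5-day vote, 7-day timelock, 5-of-9 guardian veto); the simple-majority pass rule and all function names are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

DAY = 86_400
VOTE_PERIOD, TIMELOCK = 5 * DAY, 7 * DAY   # page: 5-day vote, 7-day timelock
THRESHOLD_BPS = 10                          # page: proposer holds >= 0.1% of supply
GUARDIANS, VETO_QUORUM = 9, 5               # page: 5-of-9 guardian multisig

@dataclass
class Proposal:
    created: int
    votes_for: int = 0
    votes_against: int = 0
    vetoers: set = field(default_factory=set)
    executed: bool = False

def propose(balance, supply, now):
    if balance * 10_000 < supply * THRESHOLD_BPS:
        raise PermissionError("below proposal threshold")
    return Proposal(created=now)

def state(p, now):
    vote_end = p.created + VOTE_PERIOD
    if p.executed:
        return "executed"
    if now < vote_end:
        return "voting"
    if p.votes_for <= p.votes_against:      # assumed rule: simple majority
        return "defeated"
    if len(p.vetoers) >= VETO_QUORUM:
        return "vetoed"
    return "queued" if now < vote_end + TIMELOCK else "executable"

def guardian_veto(p, guardian_id, now):
    # The guardians' only power: stop a proposal while it sits in the timelock.
    if not 0 <= guardian_id < GUARDIANS:
        raise PermissionError("not a guardian")
    if state(p, now) != "queued":
        raise RuntimeError("veto only during timelock")
    p.vetoers.add(guardian_id)              # a set: each guardian counts once

def execute(p, now):
    # Anyone may call this; no caller or role shortens the wait.
    if state(p, now) != "executable":
        raise RuntimeError("cannot execute while " + state(p, now))
    p.executed = True
```

There is deliberately no function that lets a guardian move a proposal forward: every path to `executed` goes through the vote and the full timelock.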

Market mechanism

How yield arrives in your vault.

Your Business doesn't generate yield itself. It allocates capital across audited strategies that do — staked-ETH derivatives, perp market-making, structured CDP positions, and yield-bearing stablecoin pairs. The DAO sets caps per strategy and per asset, and the vault rebalances daily.

// VAULT FEE (PROTOCOL)
0.30%
Charged on harvest, sent to treasury. Adjustable by governance.
// PERFORMANCE FEE
10%
Of strategy-realized yield. Splits 50/50 treasury / strategy author.
// MAX STRATEGY ALLOCATION
25%
Per-vault cap on a single strategy. Lowered to 10% for unaudited strategies.
// REBALANCE WINDOW
24H
On-chain rebalance is permissionless and incentivized with 0.05% caller fee.
// WITHDRAWAL DELAY
0–3 BLOCKS
Liquid vaults: same block. Locked vaults: up to 3 blocks for hedge unwind.
// EMERGENCY EXIT
PERMISSIONLESS
Any user can call emergencyWithdraw() after a guardian veto.

Oracles

We use three price feeds. Always.

Your Business's vault accounting depends on accurate asset prices — for collateral checks, share-price calculations, and harvest math. We use three independent oracles per asset and require two of three to agree within 0.5%, or the vault pauses harvest until they reconcile. This is opinionated and the DAO has rejected three proposals to relax it.

// PRIMARY ORACLE
CHAINLINK
Deviation threshold + heartbeat enforced per feed.
// SECONDARY ORACLE
PYTH
Pull-based, signed price updates verified on-chain.
// TERTIARY ORACLE
UNI-V3 TWAP
30-minute TWAP from largest deep-liquidity pool.
// CONSENSUS RULE
2 OF 3 ≤0.5%
Two oracles must agree within 50 bps. If not, vault auto-pauses.
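The 2-of-3 consensus rule above, written out as an added off-chain model in Python (not the protocol's contract code). The page fixes the 50 bps tolerance and the pause-on-disagreement behaviour; measuring deviation against the lower price, dropping stale readings before comparison, and reporting the midpoint of the tightest agreeing pair are assumptions of this sketch.

```python
from itertools import combinations

AGREE_BPS = 50          # page: two feeds must agree within 0.5% (50 bps)
BPS = 10_000

def within_bps(a: int, b: int, limit_bps: int = AGREE_BPS) -> bool:
    """True if a and b differ by at most limit_bps of the smaller price.

    Integer-only, as on-chain code would do it. Measuring against the
    smaller value is the stricter choice (assumption, not from the page).
    """
    lo, hi = min(a, b), max(a, b)
    return lo > 0 and (hi - lo) * BPS <= lo * limit_bps

def consensus_price(feeds: dict, now: int, max_age: dict):
    """Return (price, agreeing_sources), or (None, ()) meaning 'pause harvest'.

    feeds:   name -> (price as fixed-point int, unix time of last update)
    max_age: name -> allowed staleness in seconds (the per-feed heartbeat)
    """
    # A stale or non-positive reading is treated as absent, so it can
    # neither form the agreeing pair nor pull the reported price.
    fresh = {n: p for n, (p, ts) in feeds.items()
             if p > 0 and 0 <= now - ts <= max_age[n]}
    # Agreement is not transitive (A~B and B~C does not imply A~C), so
    # evaluate every pair and take the tightest one that passes.
    pairs = [(abs(fresh[x] - fresh[y]), x, y)
             for x, y in combinations(sorted(fresh), 2)
             if within_bps(fresh[x], fresh[y])]
    if not pairs:
        return None, ()
    _, x, y = min(pairs)
    return (fresh[x] + fresh[y]) // 2, (x, y)

# Constructed sample: prices with 8 decimals, timestamps in seconds.
NOW = 1_700_000_000
MAX_AGE = {"chainlink": 3600, "pyth": 60, "twap": 1800}
SAMPLE = {
    "chainlink": (3_000_00000000, NOW - 120),
    "pyth":      (3_012_00000000, NOW - 5),    # +0.40% vs chainlink
    "twap":      (3_090_00000000, NOW - 900),  # +3% outlier
}

if __name__ == "__main__":
    print(consensus_price(SAMPLE, NOW, MAX_AGE))
```

With the sample data the outlier is ignored and the Chainlink/Pyth pair sets the price; if the Pyth update were older than its 60-second window, only two disagreeing feeds would remain and the function would signal a pause.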
Security audits

Six firms. Three rounds. Zero criticals live.

Every audit report below is published in full on the protocol's GitHub. We list outstanding issues, not just resolved ones. Findings classified High or Critical have all been fixed and re-audited; Medium findings are tracked publicly in the issue queue.

Trail of Bits

Vault & Registry · Round 3

2026.01.18 · 6 weeks · 142 pages
0 Critical · 1 High (fixed) · 4 Medium (3 fixed) · 11 Informational

Spearbit

Governance & Timelock

2025.11.04 · 4 weeks · 78 pages
0 Critical · 0 High · 2 Medium (fixed) · 9 Informational

OpenZeppelin

Strategy Registry · v3 launch

2025.08.22 · 5 weeks · 96 pages
0 Critical · 2 High (fixed) · 3 Medium (fixed) · 7 Informational

Code4rena

Public contest · v3 release

2025.07.10 · 14 days · 412 wardens
0 Critical · 3 High (fixed) · 9 Medium (8 fixed) · $420k payout

Sigma Prime

Oracle integration · v2.4

2024.10.02 · 3 weeks · 54 pages
0 Critical · 1 High (fixed) · 4 Medium (fixed) · 6 Informational

Cantina

v3 final review

2026.02.14 · 2 weeks · 38 pages
0 Critical · 0 High · 1 Medium (acknowledged) · 4 Informational