Security and audits

No DeFi protocol is risk-free, and anyone who tells you otherwise is selling something. What you can do is understand where Tectonic's security comes from, what it does not cover, and how to protect yourself from the threats that have nothing to do with the smart contracts at all.

Built on Compound

Tectonic is a fork of Compound, one of the earliest and most heavily reviewed money-market protocols in DeFi. Compound's core was audited by firms including Trail of Bits and OpenZeppelin and ran on Ethereum for years before Tectonic adapted it for Cronos. Forking mature code is not a guarantee — modifications can introduce new bugs — but starting from a proven design is meaningfully safer than writing novel lending logic from scratch.

Audits

Beyond the inherited Compound reviews, Tectonic's own contracts were examined by external security firms and the Cronos team. Reported reviewers include SlowMist and BlockSec, alongside internal review from the team behind the launch and the Cronos Labs security group. Audits reduce risk; they never eliminate it. They are a snapshot of specific code at a specific time, and any later change ideally warrants a fresh look.

How to read an audit: check what was audited (which contracts, which version), who did it, when, and whether the findings were fixed. An audit badge with none of that context tells you little.

Security that comes from design

  • Over-collateralisation. Every loan is backed by more value than it borrows, so the protocol can absorb price moves.
  • Liquidations. Risky positions are unwound automatically before they threaten suppliers — see how liquidations work.
  • Per-asset risk limits. Collateral factors, caps and reserves contain the damage any single asset can do.
  • On-chain transparency. Balances and parameters are publicly verifiable rather than hidden on a company server.

Risks that remain

Smart-contract bugs, oracle manipulation, stablecoin de-pegs, governance attacks and extreme market crashes are all real possibilities in any lending protocol. Diversifying, borrowing conservatively, and never committing money you cannot afford to lose are the user-side defences that actually matter.

The biggest day-to-day threat: fake sites

In practice, most people who lose funds in DeFi are not undone by a contract exploit — they are phished. Scammers clone popular protocols at lookalike domains, run ads on those brand names, and wait for a careless click that ends in a drained wallet.

Protect yourself:

  • Reach the app only through verified links — the official documentation and social channels publish the correct addresses.
  • Check the address bar character by character before connecting a wallet.
  • Be wary of search ads and DMs offering "support" or "airdrops."
  • Never share your seed phrase — no legitimate site or admin will ever ask for it.

Bookmark the addresses you trust. When in doubt, navigate from the official social channels rather than from a search result or an ad.