Trust, minimized by design.
Every lending protocol asks you to trust something. We’ve made that list as short as possible.What you don’t have to trust
Not the team
No admin keys. No upgrade path. We literally cannot touch user funds.
Not a DAO vote
No governance can pause withdrawals, freeze markets, or seize positions.
Not other markets
Markets are fully isolated. A failure in one cannot affect any other.
Not hidden code
All contracts are open source and publicly verified.
What protects lenders
Permissionless liquidation
Anyone can close risky positions instantly. Bad debt is cleared in real time.
Minimal surface
~400 lines of code. Exhaustively reviewable.
Audit & disclosure
Independent review and adversarial testing are part of the pre-mainnet path, not an afterthought.Independent audit
Comprehensive third-party review of the lending core and integration surfaces, completed before mainnet deposits are accepted.
Public bug bounty
Live before mainnet, with material rewards sized to make adversarial review worthwhile.
Coordinated disclosure
A documented disclosure policy and a dedicated channel for responsible reporting. Security correspondence is treated as first-class.
Conservative launch markets
Mainnet opens with a small, curated set of markets using the most conservative feasible parameters and oracles.
The bottom line
SatsTerminal Lending inherits the most rigorously reviewed lending architecture in DeFi, and adds the minimum code needed to make it Bitcoin-native. The fewer moving parts, the less can break.See the risk framework →
Each class of residual risk, how it’s bounded, and what the lender carries.