Last updated: March 7, 2026

Risk Disclosures

1. Introduction

This document describes the material risks associated with using the RAVA protocol, a non custodial, open source liquidation vault protocol for tokenized real world assets ("RWAs"). These disclosures apply to all vaults and related functionality (collectively, the "Services"). By interacting with the protocol, you acknowledge that you have read, understood, and accepted the risks described herein.

2. Non Custodial and Open Source

RAVA is non custodial. Your assets remain in smart contracts that only you can withdraw from. Neither RAVA Foundation nor Ravariant Labs has custody, possession, or control of your digital assets at any time. The protocol smart contracts are open source, deployed on public blockchains, and operate autonomously. Anyone can verify the code, audit the logic, and interact with the contracts directly without using the interface.

While the non custodial and open source design eliminates counterparty custody risk, it also means that no one can reverse transactions, recover lost keys, or freeze assets on your behalf. You are solely responsible for the security of your wallet and private keys.

3. General Risks

  • Cryptocurrency Volatility. The value of digital assets can fluctuate dramatically. You may lose all or substantially all of the value of assets deposited into the protocol.
  • Regulatory Uncertainty. The legal status of decentralized finance protocols and tokenized RWAs varies by jurisdiction and is evolving. Changes in law or enforcement could affect the protocol or your ability to use it.
  • Technological Risk. Blockchain networks are subject to congestion, downtime, forks, and disruptions beyond the control of RAVA Foundation.
  • Counterparty Risk. Tokenized assets reference offchain assets managed by third parties. The performance and solvency of these managers are outside the control of RAVA Foundation.

4. Smart Contract Risks

The protocol is composed of smart contracts that undergo internal review and, where applicable, independent third party security audits. No audit can guarantee the absence of bugs or exploits. Risks include:

  • Undiscovered vulnerabilities that could result in partial or total loss of deposited assets.
  • Reentrancy attacks, overflow errors, access control failures, and other exploit classes.
  • Risks from interactions between RAVA contracts and external contracts or token standards.

Smart contract exploits may be unrecoverable. RAVA Foundation bears no liability for losses arising from such events.

5. Oracle and Pricing Risks

RAVA relies on a risk pricing oracle developed by Ravariant Labs. The oracle maps each tokenized asset to proxy baskets of publicly traded equivalents (BDCs, CEFs, mREITs) and adjusts with live onchain signals including redemption activity, NAV buffers, and supply changes. Pricing risks include:

  • Model Risk. The oracle is a quantitative estimate. Outputs may diverge from true fair value, particularly for illiquid assets. As a single engine provider, there is model concentration risk.
  • NAV Staleness. NAV feeds for tokenized assets may not update in real time. Stale data can result in mispriced liquidations or inaccurate vault valuations.
  • Oracle Manipulation. Although safeguards exist, oracle feeds may be subject to manipulation or data feed interruptions.

6. Liquidation and Market Risks

  • Discount Widening. Tokens may trade at a discount to NAV. Discounts may widen during periods of market stress or redemption pressure, resulting in vault losses.
  • Redemption Delays. Redemption of underlying assets may be subject to notice periods, gating mechanisms, or lock up restrictions imposed by underlying managers. Vaults holding tokens during redemption delays may experience temporary illiquidity.
  • Credit Risk. Underlying RWAs may include debt instruments. Default or deterioration in credit quality may reduce the value of tokens held by the vault.
  • Illiquidity. Tokenized RWAs may have limited secondary market liquidity. Vaults may be unable to exit positions at desired prices or within desired timeframes.

7. Vault Specific Risks

7.1 Main Vault (CVaR 97.5)

The Main Vault accepts USDC deposits and purchases liquidated RWA tokens across all listed assets at risk adjusted discounts using CVaR 97.5 (Basel III standard). Idle capital earns yield in tokenized treasuries.

  • NAV Impairment. If underlying assets suffer a loss event, the vault takes a loss. There is no first loss capital buffer in the Main Vault.
  • Withdrawal Delays. If the vault is heavily deployed in liquidated tokens or treasury positions, withdrawals depend on position liquidation.
  • Concentration Risk. Adverse developments in a single asset may disproportionately affect vault performance.

7.2 Asset Manager Vaults (CVaR 90-95)

Asset Manager Vaults focus on specific assets (such as mF-ONE or mGLOBAL) and use CVaR 90-95 for pricing. These vaults include first loss capital contributed by the asset manager, which absorbs initial losses before depositor capital is affected.

  • First Loss Exhaustion. If losses exceed the first loss capital, depositor funds are at risk. First loss capital is not a guarantee against all losses.
  • Single Asset Concentration. Asset Manager Vaults typically hold a single asset class, resulting in higher concentration risk compared to the Main Vault.
  • Manager Dependency. The first loss capital and vault operation depend on the asset manager. If the manager withdraws support, the vault's risk profile changes.
  • Withdrawal Delays. Same liquidity constraints as the Main Vault apply.

8. Receipt Token Risks

Depositing USDC into a vault issues receipt tokens (rvUSDC, rvmFONE, rvmGLOB) representing your proportional share.

  • Value Fluctuation. Receipt tokens are not stablecoins. Their value reflects the vault's net asset value, which may increase or decrease.
  • Redemption Risk. Redeeming receipt tokens for USDC depends on vault liquidity. In stressed conditions, redemptions may be delayed.
  • No Secondary Market Guarantee. There is no guarantee that receipt tokens will be tradeable on any secondary market.

9. Idle Capital and Treasury Risks

Vault capital not deployed in liquidations is allocated to tokenized treasury instruments to generate base yield. These instruments carry their own risks:

  • Treasury Instrument Risk. Tokenized treasuries depend on the solvency and operations of their issuers.
  • Yield Variability. Base yield from treasury positions may fluctuate and is not guaranteed.
  • Liquidity Mismatch. If a large liquidation occurs while capital is deployed in treasuries, there may be a delay in funding the liquidation.

10. Third Party Risks

  • Underlying Fund Managers. Tokenized assets represent interests managed by third parties. Mismanagement, fraud, or insolvency could result in total loss.
  • Payment Networks and Custodians. Settlement and custody of underlying assets depend on traditional financial infrastructure.
  • Infrastructure Providers. The protocol relies on blockchain networks, RPC providers, and other infrastructure that may experience downtime or degradation.

11. User Responsibility

  • Self Custody. You are solely responsible for your private keys, wallets, and credentials. RAVA Foundation does not custody assets, cannot recover lost keys, and cannot reverse onchain transactions.
  • Own Research. You must conduct independent due diligence before depositing into any vault or transacting in any asset. Nothing provided by RAVA constitutes a recommendation.
  • Transaction Finality. Transactions are irreversible once confirmed onchain. Verify all details before submission.
  • Compliance. You are responsible for ensuring your use complies with all applicable laws in your jurisdiction.

12. No Professional Advice

Nothing in the RAVA protocol, its documentation, or interfaces constitutes financial, investment, legal, or tax advice. Consult qualified advisors regarding your specific circumstances.

13. Risk Mitigation

RAVA Foundation employs measures to reduce risk, including:

  • Security Audits. Smart contracts undergo internal review and independent audits. Reports are published where permitted.
  • Open Source. All protocol code is published under open source licenses for independent verification and community review.
  • Public Methodology. Risk pricing methodology and protocol mechanics are documented and published.
  • Model Validation. The risk oracle undergoes backtesting, stress testing, and validation against historical proxy basket data.
  • Monitoring. Automated systems track protocol health, pricing anomalies, and unusual activity.
  • First Loss Capital. Asset Manager Vaults include first loss capital from asset managers, providing an additional loss buffer for depositors.

14. Assumption of Risk

By using the RAVA protocol, you acknowledge and assume all risks described in these disclosures. To the fullest extent permitted by law, RAVA Foundation and its affiliates shall not be liable for any damages arising from your use of the protocol, including loss of funds, loss of profits, or business interruption.

These Risk Disclosures may change at any time without notice. Continued use of the protocol constitutes acceptance. For questions, contact RAVA Foundation at legal@rava.money.