Safety

Audits

A plain-language security review summary for Lucida users.

Lucida Security Review Report

This report summarizes the security posture Lucida applies to Vault accounting, user shares, wallet authorization, withdrawals, strategy integration, and operational controls.

It is intended to help users understand the protections built into Lucida and the checks users should perform before signing transactions.

Lucida is designed so users keep control of their wallets, hold Vault-specific Lucida shares, and redeem through wallet-approved on-chain transactions. Lucida support will never ask for a private key or seed phrase.

Report scope

This is a Lucida security review summary. If Lucida publishes an independent third-party audit, that report should be read alongside this page.

Review summary

Review area | Summary
Wallet control | Users approve deposits and withdrawals from their own wallets. Lucida does not custody user private keys or seed phrases.
Vault ownership | Lucida shares represent a user's proportional claim on a specific Vault. SOL Vault shares and USDC Vault shares remain separate.
Asset accounting | The SOL Vault accounts in lamports. The USDC Vault accounts in USDC base units. USD prices are not used for formal Vault settlement.
Withdrawal flow | Withdrawals are user-initiated on-chain redemptions. They are not manual administrator requests.
Fee handling | Performance fees apply only to realized yield where applicable, not to principal. Fee paths are separated from user ownership accounting.
Strategy boundary | Strategy positions are tracked separately from user Lucida shares, so strategy receipt assets do not become user shares.
Rounding | Share minting and redemption use integer arithmetic. Smallest-unit rounding is expected and documented.
Support and reporting | Users can contact support@lucidafi.xyz for product questions, transaction questions, documentation issues, or security reports.

Controls reviewed

  • Non-custodial wallet flow. Lucida does not require users to give up wallet control, seed phrases, or private keys.
  • Vault-specific shares. User ownership is tracked through shares in the selected Vault, and shares are not mixed across SOL and USDC.
  • Atomic transactions. Deposits and withdrawals either complete on-chain or fail; they are not partially processed by an off-chain operator.
  • Integer accounting. Vault settlement uses lamports or token base units, with rounding behavior documented for users.
  • Strategy validation. Lucida documents the need to validate strategy programs, mints, token accounts, authorities, and receipt assets before use.
  • Governance boundaries. Governance is separate from user wallet signing and does not directly rewrite individual user share balances.
  • Security support. Security reports should be sent to support@lucidafi.xyz with "Security Report" in the subject line.

What users can rely on

Lucida's core user protection is simple: wallet control stays with the user, Vault ownership is tracked by Lucida shares, and deposits or withdrawals require on-chain transaction approval.

Users should still review the wallet prompt before signing, verify the asset and network, and understand that APY, liquidity, strategy performance, and blockchain conditions can change.

Important limitation

No security review can remove all blockchain, smart contract, strategy, liquidity, market, governance, wallet, or operational risk. Lucida does not guarantee principal, yield, or uninterrupted withdrawals.