M3 is a planned milestone. Features described here are subject to change. The M2 deployment on Sepolia
testnet is the current live version. See M2 Scope for what is available today.
Security
Professional security is the highest priority for M3. The protocol must pass independent review before handling real funds.
Professional Smart Contract Audit
Engage 1-2 independent audit firms to review the full contract suite. The audit scope includes all
8 core contracts, the Protocol registry, and all library code. The 550-test suite with 95%+ line
coverage provides auditors with comprehensive test vectors.
Formal Verification
Apply formal verification tools (Certora or Halmos) to critical protocol invariants. Priority
invariants include solvency (pool equity >= 0 under all conditions), margin sufficiency, and
fee distribution correctness.
Bug Bounty Program
Launch a public bug bounty program with tiered rewards for vulnerability severity. The program will
run continuously after mainnet launch to incentivize ongoing security research.
Multi-Sig Governance
Transition admin operations from a single EOA to a multi-signature wallet (e.g., Safe). Critical
operations like mode transitions, parameter changes, and emergency actions will require multiple
signers.
Risk Management
M3 introduces advanced risk controls and broader market coverage.
Multiple Markets / Pairs
Expand beyond EUR/USD to additional FX pairs: GBP/USD, USD/JPY, AUD/USD, and more. Each pair
requires its own Pyth price feed, forward price publisher configuration, and risk parameters. The
contract architecture already supports multi-pair registration — this is primarily an operational
and parameter calibration effort.
Cross-Margin & Portfolio Margin
Implement cross-margin (shared margin across multiple positions within the same account) for improved
capital efficiency, where gains on one position can offset losses on another. Longer-term, introduce
portfolio margin with cross-pair netting and scenario-based risk assessment for diversified portfolios.
Multiple Collateral Types
Accept collateral beyond USDC — additional USD-denominated stablecoins (USDT, DAI) and potentially
other approved tokens. Each collateral type requires its own price feed and haircut parameters to
account for depegging risk.
Non-USD Collateral
Support non-USD-denominated collateral assets, enabling participants to post margin in EUR-denominated
stablecoins (e.g., EURC) or other non-dollar assets. This requires real-time collateral valuation
against USD and introduces additional FX risk that must be incorporated into margin calculations.
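The haircut and valuation steps described under Multiple Collateral Types and Non-USD Collateral, sketched as an added example (not the protocol's code). The asset table, haircut values, 8-decimal price precision and function names are assumptions; BigInt mirrors on-chain integer math.

```javascript
// Added example; asset list, haircuts and feed precision are constructed
// assumptions, not the protocol's parameters.
const PRICE_DECIMALS = 8n; // assumed oracle price precision
const USD_DECIMALS = 6n;   // margin accounted in 6-decimal USD, like USDC
const BPS = 10_000n;
const COLLATERAL = new Map([
  ["USDC", { decimals: 6n, haircutBps: 0n }],
  ["DAI", { decimals: 18n, haircutBps: 200n }],  // depeg haircut
  ["EURC", { decimals: 6n, haircutBps: 500n }],  // depeg plus EUR/USD moves
]);

// Margin credit in 6-decimal USD for `amount` base units priced at `priceUsd`.
function marginValueUsd6(symbol, amount, priceUsd) {
  const cfg = COLLATERAL.get(symbol);
  if (!cfg) throw new Error(`collateral not approved: ${symbol}`);
  if (amount < 0n || priceUsd <= 0n) throw new Error("invalid amount or price");
  // Multiply everything first and divide once, so integer division rounds
  // down a single time and always in the pool's favour.
  const scale = 10n ** (cfg.decimals + PRICE_DECIMALS - USD_DECIMALS);
  return (amount * priceUsd * (BPS - cfg.haircutBps)) / (scale * BPS);
}

// Sum margin credit over an account's deposits: [{ symbol, amount, priceUsd }].
function accountMarginUsd6(deposits) {
  return deposits.reduce(
    (sum, d) => sum + marginValueUsd6(d.symbol, d.amount, d.priceUsd),
    0n,
  );
}

// Constructed deposits: 250 USDC at 1.00, 1000 DAI at 0.99, 500 EURC at 1.08.
const sampleDeposits = [
  { symbol: "USDC", amount: 250_000_000n, priceUsd: 100_000_000n },
  { symbol: "DAI", amount: 1000n * 10n ** 18n, priceUsd: 99_000_000n },
  { symbol: "EURC", amount: 500_000_000n, priceUsd: 108_000_000n },
];
console.log(accountMarginUsd6(sampleDeposits));
```

Normalising by each token's own decimals is what keeps an 18-decimal asset from being credited at 10^12 times its value next to 6-decimal USDC.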
Dynamic Margin Parameters
Introduce volatility-responsive margin requirements that adjust based on market conditions. Higher
volatility periods would automatically increase initial and maintenance margin factors, reducing
leverage and protecting the pool.
Insurance Fund
Create a dedicated insurance fund to absorb bad debt before it impacts LP share price. Funded by a
portion of liquidation penalties or protocol revenue. Provides an additional buffer between trader
defaults and LP losses.
A proper FX market holiday calendar will also be implemented in M3. This ensures fixing dates correctly
skip bank holidays (not just weekends), aligning with standard FX market conventions for each currency
pair.
Multi-Chain Deployment
Deploy on Ethereum mainnet plus L2 networks (Arbitrum, Base) and additional chains as the protocol sees fit. Each deployment operates independently with its own liquidity pool, oracle configuration, and settlement logic. L2 deployment offers significantly lower gas costs for frequent keeper and publisher transactions while inheriting Ethereum’s security. The final network choice for the initial mainnet deployment depends on gas cost analysis, oracle availability, and user concentration. Subsequent chain deployments will follow based on demand.
Operations
Operational maturity is essential for a reliable mainnet deployment.
- Keeper Incentives
- Publisher Redundancy
- Monitoring & Alerting
- Key Management
Design and implement onchain economic incentives for keeper operations:
- Liquidation rewards: A portion of the liquidation penalty paid to the liquidator as gas reimbursement and profit incentive
- Settlement rewards: Small bounty for settling matured positions, ensuring timely settlement even without an official keeper
- Competitive keepers: Open keeper participation to any address, creating a competitive market for settlement and liquidation execution
Infrastructure
Canonical USDC Integration
Replace MockUSDC with Circle’s canonical USDC contract on the target network. This requires
verifying compatibility with the ERC-4626 vault (USDC uses 6 decimals, same as MockUSDC) and
testing edge cases around USDC’s blocklist and admin functions.
Persistent Rate Limiting
Implement Redis-backed rate limiting (Upstash Redis) for the x402 API and MCP server. M2 uses
in-memory rate limiting which resets on service restart. Persistent rate limiting ensures fair
usage across service deployments.
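Why the in-memory limiter is a gap, as an added example (not the project's code): a fixed-window limiter is run against a process-local store and against a store that outlives the process. `MemoryStore` stands in for Redis INCR/EXPIRE semantics; class names, the limit of 3 and the timestamps are assumptions.

```javascript
// Added example. MemoryStore stands in for an external Redis (INCR + EXPIRE);
// class names, limits and timestamps are constructed for illustration.
class MemoryStore {
  constructor() { this.data = new Map(); }
  // Increment a counter, creating it with a TTL if absent or expired.
  incr(key, ttlMs, now) {
    const cur = this.data.get(key);
    if (!cur || cur.expiresAt <= now) {
      this.data.set(key, { count: 1, expiresAt: now + ttlMs });
      return 1;
    }
    return ++cur.count;
  }
}

class FixedWindowLimiter {
  constructor(store, limit, windowMs) {
    this.store = store;
    this.limit = limit;
    this.windowMs = windowMs;
  }
  allow(clientId, now = Date.now()) {
    // One counter per client per window; the key alone identifies the window,
    // so every process sharing the store sees the same count.
    const windowStart = Math.floor(now / this.windowMs) * this.windowMs;
    const key = `rl:${clientId}:${windowStart}`;
    return this.store.incr(key, this.windowMs, now) <= this.limit;
  }
}

// Spend the whole quota, "restart" the service, then try once more.
// persistent=false models M2: the counters die with the process.
function allowedAfterRestart(persistent, delayMs = 10) {
  const external = new MemoryStore(); // outlives the process
  const T0 = 1_700_000_000_000;       // constructed timestamp
  const boot = () =>
    new FixedWindowLimiter(persistent ? external : new MemoryStore(), 3, 60_000);
  let limiter = boot();
  for (let i = 0; i < 3; i++) limiter.allow("client-a", T0 + i);
  limiter = boot();                   // restart or redeploy
  return limiter.allow("client-a", T0 + delayMs);
}

console.log(allowedAfterRestart(false), allowedAfterRestart(true));
```

With the process-local store, the fourth request in the same window is accepted after the restart; with the shared store it is still refused until the window rolls over.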
CI/CD Pipeline
Automated deployment pipeline for contract upgrades (new deployments, not proxy upgrades):
- Automated Foundry test suite execution
- SDK regeneration and verification
- Subgraph ABI sync and deployment
- Frontend deployment with updated addresses
- Deployment artifact archival and verification
Timeline
The general sequencing is:

| Phase | Activities |
|---|---|
| Pre-Audit | Cross-margin implementation, additional pairs, insurance fund, operational tooling |
| Audit | 4-8 week audit engagement with 1-2 firms, concurrent formal verification |
| Remediation | Fix all audit findings, re-verify critical changes |
| Staging | Full deployment rehearsal on testnet with production configuration |
| Launch | Mainnet deployment with monitoring, gradual parameter relaxation |