DYAD
About
DYAD is a decentralized stablecoin protocol that issues DYAD stablecoins against collateral. Users mint DYAD by depositing assets like ETH into vaults managed by dNFTs (dynamic NFTs), which grant minting rights. The protocol features KEROSENE as a governance and utility token within its ecosystem.
Where Does Yield Come From?
Yield in the DYAD ecosystem comes from a few connected sources.
Users create DYAD stablecoins by depositing collateral—mainly ETH—into vaults. They use dNFTs (dynamic NFTs) as a kind of license that grants the right to mint these coins.
The protocol has its own token called KEROSENE. Its value is determined by a straightforward calculation: (the total value of all locked assets minus the total supply of DYAD) divided by the supply of KEROSENE. This figure represents the protocol's equity. KEROSENE holders can earn income through protocol fees or by staking their tokens. The system also includes contracts that allow staking of liquidity provider (LP) tokens to generate yield.
DYAD enforces safety rules, often referred to as the "dollar rule," that limit how much can be minted or withdrawn. This helps maintain healthy collateralization levels. A key part of this is the Minimum Collateralization Ratio (MCR), which ensures every vault stays backed by at least 1.5 times the value of the DYAD it has issued.
The main sources of yield are:
- Minting fees – charges for creating new DYAD.
- Liquidation penalties – fees from settling under‑collateralized vaults.
- Staking rewards – earnings for locking up KEROSENE tokens or LP tokens.
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
0x5217-03-2023 |
| The audit found only one medium-severity issue related to oracle decimal handling, which was reportedly fixed before deployment, indicating a generally secure codebase with limited vulnerabilities identified. |
Philogy28-11-2023 - 01-12-2023 |
| The audit revealed significant access control risks requiring multisig oversight and several critical/core vulnerabilities, most of which were promptly fixed before deployment, though some design-level concerns around licenser privileges remain acknowledged for future mitigation. |
Hunter Security27-03-2024 - 30-03-2024 |
| The audit uncovered critical precision and calculation errors that were resolved, though the system remains heavily centralized with residual design risks acknowledged in the low-severity finding. A follow-up audit of the full system is planned before deployment to address uncovered vulnerabilities. |
Code4rena18-04-2024 - 25-04-2024 |
| This audit reveals critical design flaws and implementation vulnerabilities in DYAD's vault licensing, liquidation mechanisms, and kerosene collateral handling, indicating the protocol requires substantial fixes before it can be considered safe for deployment. |
Shieldify02-06-2024 |
| The audit revealed significant decimal-handling flaws in collateral calculations that could affect protocol stability, with critical and high issues addressed through fixes or acknowledgment by the development team. |
Al-Qa'qa'13-06-2024 - 17-06-2024 |
| The audit revealed critical vulnerabilities in the liquidation and upgrade mechanisms, all of which were promptly addressed by the DYAD team, resulting in a substantially safer protocol implementation following the remediation. |
Al-Qa'qa'08-07-2024 - 10-07-2024 |
| The audit found multiple critical logic flaws in kerosene tracking and XP initialization that were fully resolved before deployment, resulting in a codebase with addressed security concerns but requiring careful monitoring of the fixed implementations. |
Al-Qa'qa'17-08-2024 - 18-08-2024 |
| This focused security review found one medium-severity logic bug that has been fixed, with no high or critical vulnerabilities identified in the limited scope, suggesting the reviewed components have basic safety controls in place. |
Legal
Status and notes
No legal entity information disclosed on official sources. Main website has certificate issues and redirects to unrelated content. Documentation site returns "Content owner not found". No imprint, terms, privacy or legal disclosure pages accessible.