Sky Protocol
About
Sky.money is a non-custodial interface for Sky Protocol, offering a suite of stablecoin yield products including sUSDS (yield-generating stablecoin), stUSDS (risk capital lending), Sky Vaults (curated third-party strategies), and Sky Ecosystem Rewards (partner token rewards). It provides diversified yield options across risk profiles for users seeking to earn on stablecoins like USDS, USDC, and USDT.
Where Does Yield Come From?
Sky Protocol generates yield through four main methods:
-
sUSDS earns a set rate called the Sky Savings Rate (SSR). This rate is decided by governance (SKY token holders) and is backed by a network of independent managers (Sky Agents) who handle protocol revenue from high-quality collateral and strategies. The SSR does not depend on how much the pool is used, it automatically compounds into your sUSDS balance, and there are no fees.
-
stUSDS provides a dynamic yield that changes with demand. Your capital helps fund loans for people who stake SKY tokens. When the lending pool is busy, returns are higher; when idle, your capital earns the SSR instead. This is a separate, higher-risk pool because your returns are tied to SKY token price changes.
-
Sky Vaults are pre-selected third-party strategies (managed by Morpho) that lend or provide liquidity in various markets. Their returns vary based on how those specific markets perform and how much they are used.
-
Sky Ecosystem Rewards give you extra tokens or points from partner projects, proportional to how much USDS you supply. These rewards are handed out by Sky Agents and ecosystem partners.
All these yields are variable—they can go up or down—and are not guaranteed. They are ultimately determined either by governance votes or by how well the underlying strategies perform.
Persons
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
ChainSecurity12-08-2025 |
| ChainSecurity's audit found no critical or high-severity vulnerabilities, concluding the stUSDS codebase offers high security, though depositors remain exposed to slashing and liquidity risks inherent in the design. |
Cantina28-07-2025 - 08-08-2025 |
| The audit found only one informational issue, which the team acknowledged, and concluded that all issues were addressed with no new vulnerabilities identified. The protocol's security posture appears robust following the review. |
ChainSecurity17-03-2025 |
| The audit identified no security vulnerabilities, concluding the codebase provides a high level of security, though governance should consider the noted design trade-offs regarding lift cooldown and emergency spell batching. |
ChainSecurity20-09-2025 |
| The audit found no critical or high-severity vulnerabilities, with all identified issues being low-risk or informational, indicating a robust security posture for the Lockstake smart contracts. The resolved low-severity issue was corrected, and the remaining open low-severity findings are acknowledged by the Sky team as acceptable validation gaps. |
ChainSecurity11-05-2023 - 03-06-2025 |
| ChainSecurity's audit found no critical or high-severity issues, with four low-severity findings resolved. The codebase provides a high level of security for the Sky Protocol token rebrand and converter system. |
ChainSecurity05-03-2025 - 22-04-2025 |
| ChainSecurity's audit found no critical or high severity issues, affirming a high level of security for the Sky VoteDelegate smart contracts. The report highlights appropriate trust assumptions and notes the flashloan protection mechanisms inherent in the integrated chief contracts. |
ChainSecurity12-04-2025 - 24-04-2025 |
| The audit found no vulnerabilities in the Sky Chief migration smart contracts, concluding the codebase provides a high level of security, though successful migration depends on careful coordination and timeline adherence to mitigate governance risks. |
ChainSecurity02-05-2023 - 13-01-2026 |
| The audit uncovered several high and low severity issues that were all addressed through code corrections or accepted risks, leading ChainSecurity to conclude that the codebase provides a high level of security. |
Cantina14-04-2025 - 15-04-2025 |
| This audit found only minor informational issues, all acknowledged but not fixed, indicating low immediate risk but potential need for follow-up remediation. |
Cantina18-04-2025 - 23-04-2025 |
| The audit found only minor informational issues, all of which were addressed, indicating a robust security posture for the lockstake protocol at the time of review. |
Cantina17-04-2025 - 17-04-2025 |
| The audit identified only informational issues, indicating the token conversion changes pose minimal security risk; however, the limited scope and lack of fixed findings suggest further validation may be warranted before deployment. |
Cantina16-04-2025 - 16-04-2025 |
| The review found only a minor gas optimization suggestion, which was promptly addressed, indicating the vote-delegate contract is secure with no material vulnerabilities. |
Cantina24-04-2025 - 25-04-2025 |
| The audit found zero security vulnerabilities, indicating the chief-migration code appears secure based on Cantina's review, though subsequent changes would require re-evaluation. |
ChainSecurity16-10-2023 - 03-07-2024 |
| The audit found no critical or high-severity issues, with all low-severity findings either resolved or risk-accepted, indicating a high level of security for the PSM Lite implementation. |
Cantina19-10-2023 - 25-10-2023 |
| The audit found no critical or high-severity vulnerabilities, only low-risk and informational issues that were acknowledged by the protocol team, indicating a relatively secure implementation with minor edge-case considerations. |
ChainSecurity04-09-2024 |
| ChainSecurity's audit of Sky Protocol's USDS stablecoin and converter found four low-severity documentation issues, all resolved, with no critical, high, or medium vulnerabilities remaining. The codebase demonstrates a high level of security for the stablecoin and permissionless converter system. |
ChainSecurity04-09-2024 |
| The audit found a high level of security in the Sky token and converter, but the limited conversion of the PDF prevents a full enumeration of findings and their severities. |
ChainSecurity04-09-2024 |
| ChainSecurity's audit found only low-severity deployment script issues that were resolved before the report, resulting in a high-security assessment for the Sky protocol's deployment scripts. |
ChainSecurity30-09-2024 |
| The audit identified only minor informational issues, all of which were resolved, indicating a high level of security for the Savings USDS implementation. |
ChainSecurity13-01-2026 |
| The audit found no critical or high-severity open issues, with only a low-severity precision loss risk accepted by the team, indicating a robust security posture for the Endgame Toolkit contracts. |
ChainSecurity08-04-2024 - 27-08-2024 |
| The audit found no critical or high-severity vulnerabilities, with only low-severity issues remaining open, indicating a relatively secure implementation pending validation of deployment parameters. |
| The audit report could not be retrieved because the linked PDF file is missing from the repository, preventing any assessment of findings or security posture. | |
ChainSecurity27-07-2023 |
| The audit found no security vulnerabilities, affirming the FlapperUniV2SwapOnly contract's robust design, though a noted MEV sandwich risk represents a predictable economic trade-off within the system's parameters. |
ChainSecurity06-06-2023 |
| The audit found no critical or high-severity vulnerabilities, with only minor gas optimizations and informational issues resolved, indicating a robust security posture for the FlapperUniV2 contract. |
| The audit document is unavailable, so no findings can be assessed; the protocol's security posture relative to this specific report cannot be determined. | |
Cantina20-09-2023 - 21-09-2023 |
| The review found no critical, high, medium, or low severity vulnerabilities, only informational best-practice suggestions, all of which were resolved before the final report. |
Cantina13-05-2024 - 14-06-2024 |
| The audit found no security vulnerabilities, only minor gas optimization and informational improvements, indicating a robust security posture for the NST changes. |
Cantina18-09-2023 - 19-09-2023 |
| The audit revealed only informational best-practice recommendations, all of which were promptly addressed, indicating a secure codebase with no material security vulnerabilities at the time of review. |
Cantina26-09-2024 |
| The audit concluded with zero findings across all severity levels, indicating the sUSDS token implementation was deemed secure at the time of review. |
Cantina22-09-2023 - 25-09-2023 |
| The audit found no critical or high severity vulnerabilities, with the single medium risk being acknowledged and manageable via workarounds. The overall security posture is solid, with low and informational issues largely addressed or accepted as known limitations. |
Cantina09-09-2024 |
| The review found only low-risk and informational issues, all of which were resolved or acknowledged, indicating a robust security posture for the Endgame Toolkit updates at the time of assessment. |
Cantina20-05-2024 - 30-05-2024 |
| The audit found no critical or high severity vulnerabilities, with only one low-risk issue and several gas optimizations and informational improvements, indicating a relatively secure codebase for the Lockstate Engine. |
Cantina31-05-202404-06-202403-07-2024 |
| The review found no critical or high-severity vulnerabilities, with only a low-risk statistical lock-blocking issue and minor gas/informational improvements, all of which were addressed or acknowledged by the Maker team. |
Cantina25-08-202409-09-2024 |
| The audit confirms that the updates to the vote-delegate contract introduce no new vulnerabilities, maintaining the security posture established in prior audits. |
Cantina05-06-2024 - 11-06-2024 |
| The audit found no security vulnerabilities, only gas optimizations and informational recommendations, indicating the dss-flappers codebase is secure from a security perspective. |
ABDK08-06-2021 |
| The audit identified only minor code quality and procedural issues, with no critical or high-severity vulnerabilities, indicating a relatively safe codebase but with room for improvement in style and best practices. |
Sherlock05-08-2024 |
| The audit document is unreadable due to conversion issues, so no concrete safety assessment can be derived; the report appears to cover MakerDAO Endgame with mentions of governance attacks and medium-severity findings. |
Trail of Bits29-07-2019 - 30-08-2019 |
| The audit uncovered no critical or high-severity vulnerabilities, with two medium-severity issues and several low/informational findings; the codebase was generally clean and well-specified, though some design risks around auctions and permission complexity remain. |
PeckShield04-10-2019 |
| The audit uncovered 16 findings, including one high-severity vulnerability in auction kick-off authorization, all of which were promptly addressed, reflecting a well-designed but complex system with robust remediation. |
Quantstamp10-02-2021 - 10-03-2021 |
| The audit revealed no critical or high-severity vulnerabilities, with most medium and low issues acknowledged by the team; the liquidations system appears reasonably secure but relies on careful parameter management and governance oversight. |
Trail of Bits01-03-2021 - 19-03-2021 |
| The audit found no critical or high-severity vulnerabilities, indicating a relatively secure codebase with robust architectural design. However, several medium-severity data validation issues require addressing before deployment to ensure proper handling of edge cases and parameter updates. |
ChainSecurity16-04-2021 |
| The audit revealed several medium and low severity issues, all of which were resolved prior to the final report, indicating a comprehensive review and effective remediation process for the Liquidations 2.0 system. |
Gauntlet06-04-2021 |
| The economic simulation report is unavailable for review, so no security assessment can be derived from this document. |
Backers
In March 2026, a $134 million private placement investment was made into Stablecoin Development Corporation (formerly NovaBay Pharmaceuticals), a public company that holds SKY tokens. The investors in this round were R01 Fund LP, Framework Ventures, Tether Investments, S.A. de C.V., and Sky Frontier Foundation. This transaction provided the company with approximately $134 million in gross proceeds, which included cash, stablecoins, and SKY tokens valued at approximately $58 million. The investment was structured with tiered warrant exercises over approximately 9.9 months to promote orderly market dynamics.
The Sky Ecosystem website also displays logos of institutional partners including Apollo, BlackRock, Coinbase, BNY Mellon, Galaxy, Better, and Janus Henderson, which appear to be partners or clients of Sky Agents rather than direct investors in Sky Protocol.