Please do not open a public issue for security problems. Email security@vaultex.dev (or open a private GitHub security advisory) with steps to reproduce. We aim to acknowledge within 72 hours.

• No custodial admin. There is no function that lets any account drain pool funds. Tokens move only on user-initiated deposit/withdraw, borrow/repay, or a liquidation of a genuinely unhealthy position.
• Authorization. Every mutating call requires the caller's require_auth() — lender for deposit/withdraw, borrower for collateral/borrow/repay, liquidator for liquidate.
• Solvency guards. Borrows and collateral withdrawals are checked against the LTV limit; withdrawals are bounded by free liquidity; liquidation requires the position to be past the liquidation threshold.
• Interest integrity. Interest accrues linearly per position and is added to the pool on repayment, so lender share value reflects real repaid interest.
• Integer safety. The release profile enables overflow-checks.
• Storage rent. Positions and share balances are TTL-bumped on access.

• Assumes a 1:1-valued stablecoin pair; non-stablecoin markets need a price oracle.
• Flat APR rather than a utilization-curve (jump-rate) model.
• Liquidation has no close factor (a liquidator may repay the full debt at once).
• Single market only; no reserve factor / protocol treasury yet.

19 unit tests cover deposits/withdrawals and share math, collateralized borrow/repay, LTV enforcement, linear interest accrual over time, interest flowing to lenders, and liquidation of unhealthy positions. CI runs cargo test, clippy -D warnings, and cargo fmt --check on every PR.