Security & risk
HoodETF is experimental software that custodies real value. Read this before interacting. Nothing here is financial advice; creators are not licensed advisers.
Design guarantees
The contracts are built so the core deposit/withdraw path is trust-minimized:
- Open, unpausable redemption.
redeemInKindis permissionless and can never be paused — you can always burn shares for your proportional slice of the underlying. - Oracle-free core. Mint and redeem are pro-rata on the vault's real balances. A stale or broken price feed degrades display/zap pricing only; it cannot freeze or misprice a redemption.
- Immutable baskets. Constituents and fees are fixed at deploy. There is no function that lets anyone withdraw another holder's assets or change a basket's rules.
- Atomic creation. Clone + seed + initialize happen in one transaction, so a funded-but-uninitialized (hijackable) basket never exists.
- Reentrancy-guarded mutating entry points; CEI ordering in redeem (state changes before external token transfers).
- Venue allowlist on the zap router excludes USDG, baskets, and constituents, so a swap venue can't be pointed at protected assets.
- Fee caps enforced on-chain: entry ≤ 3%, exit ≤ 1%, management ≤ 3%/yr.
Risks you accept
HoodETF is experimental software. Do not deposit more than you can afford to lose.
Issuer risk
The underlying tokenized stocks are issued by a third party that retains the ability to pause or block token transfers on specific tokens or addresses. A paused constituent can disrupt one-click flows for baskets that hold it; in-kind redemption of the unaffected constituents continues.
Liquidity risk (zaps)
One-click zaps depend on Uniswap v4 liquidity on Robinhood Chain, which is thin for many tokens. Baskets whose constituents lack a usable pool are in-kind only. Even where zaps work, price impact can be several percent — your on-chain minShares/minUsdg floor is the real protection.
Market & smart-contract risk
Basket shares track volatile equities; returns shown are historical and net of fees, not predictions. Contracts are immutable but no code is risk-free.
Oracle staleness
NAV and price-per-share use Chainlink feeds with staleness and sequencer-uptime guards. When a feed is stale, NAV is flagged and understated — it is display/pricing only and never gates redemption.
Reporting
If you find a vulnerability, contact the team via hoodetf.org before disclosing publicly. Responsible disclosure is greatly appreciated.
Regulatory note
Baskets are actively managed bundles of tokenized securities sold for a fee — this is securities-adjacent, and the regulatory landscape is evolving. Interacting with the protocol is at your own risk and responsibility.