Security & risk

HoodETF is experimental software that custodies real value. Read this before interacting. Nothing here is financial advice; creators are not licensed advisers.

Design guarantees

The contracts are built so the core deposit/withdraw path is trust-minimized:

  • Open, unpausable redemption. redeemInKind is permissionless and can never be paused — you can always burn shares for your proportional slice of the underlying.
  • Oracle-free core. Mint and redeem are pro-rata on the vault's real balances. A stale or broken price feed degrades display/zap pricing only; it cannot freeze or misprice a redemption.
  • Immutable baskets. Constituents and fees are fixed at deploy. There is no function that lets anyone withdraw another holder's assets or change a basket's rules.
  • Atomic creation. Clone + seed + initialize happen in one transaction, so a funded-but-uninitialized (hijackable) basket never exists.
  • Reentrancy-guarded mutating entry points; CEI ordering in redeem (state changes before external token transfers).
  • Venue allowlist on the zap router excludes USDG, baskets, and constituents, so a swap venue can't be pointed at protected assets.
  • Fee caps enforced on-chain: entry ≤ 3%, exit ≤ 1%, management ≤ 3%/yr.

Risks you accept

HoodETF is experimental software. Do not deposit more than you can afford to lose.

Issuer risk

The underlying tokenized stocks are issued by a third party that retains the ability to pause or block token transfers on specific tokens or addresses. A paused constituent can disrupt one-click flows for baskets that hold it; in-kind redemption of the unaffected constituents continues.

Liquidity risk (zaps)

One-click zaps depend on Uniswap v4 liquidity on Robinhood Chain, which is thin for many tokens. Baskets whose constituents lack a usable pool are in-kind only. Even where zaps work, price impact can be several percent — your on-chain minShares/minUsdg floor is the real protection.

Market & smart-contract risk

Basket shares track volatile equities; returns shown are historical and net of fees, not predictions. Contracts are immutable but no code is risk-free.

Oracle staleness

NAV and price-per-share use Chainlink feeds with staleness and sequencer-uptime guards. When a feed is stale, NAV is flagged and understated — it is display/pricing only and never gates redemption.

Reporting

If you find a vulnerability, contact the team via hoodetf.org before disclosing publicly. Responsible disclosure is greatly appreciated.

Regulatory note

Baskets are actively managed bundles of tokenized securities sold for a fee — this is securities-adjacent, and the regulatory landscape is evolving. Interacting with the protocol is at your own risk and responsibility.