Go to Home
Web3 security pattern.
Blog
Web3 security pattern.
Cantina × Euler 2025: Modular Lending, Secured
Why Cantina spotlighted Euler in 2025: modular lending, isolated markets, and permissionless systems that remain governable under stress.

Cantina × Euler 2025: Modular Lending, Secured

Paul
December 4, 2025
2025 Spotlights

Euler spent 2025 doing something hard: turning a very flexible lending design into infrastructure that security teams, DAOs, and institutions can reason about.

Euler v2 is a modular lending platform built around two core components: the Euler Vault Kit (EVK), which lets teams deploy and chain together custom ERC-4626-based lending vaults, and the Ethereum Vault Connector (EVC), an immutable primitive that lets those vaults be used as shared collateral across the system. On top of that sit components like the Euler Price Oracle, Reward Streams, Fee Flow, Euler Earn, and EulerSwap, each extending the design space while keeping risk local to clearly defined surfaces.

To match that ambition, Euler and Cantina ran one of the largest security programs in DeFi. That included a $7.5M USDC + rEUL + USUAL bug bounty, a large-scale competition, and targeted reviews of core components like EulerSwap. The goal was simple: pressure-test a permissionless lending system that intentionally pushes complexity to the edge, without losing control of how risk behaves.

This recap looks at how Euler’s architecture works, what 2025 taught us about security for permissionless lending, and what we expect in 2026 from organizations building on or learning from this model.

Euler’s architecture: configurable lending with guardrails

Euler’s lending primitive is a configurable vault, not a monolithic pool. Markets are isolated by design, with risk parameters set per market instead of globally. That lets teams dial collateral factors, borrow caps, and interest curves to the specific asset they care about, instead of forcing everything into the same risk template.

The Euler Vault Kit (EVK) packages this into “credit vaults,” ERC-4626 vaults with borrowing functionality. These vaults act as passive lending pools rather than actively managed strategies. Protocols can deploy vaults for their own assets, configure the interest model and collateralization rules they want, and plug those vaults into broader systems.

The Ethereum Vault Connector (EVC) is the coordination layer. It mediates interactions between vaults, lets positions span multiple vaults, and enables cross-vault collateral use. The EVC gives Euler the ability to support complex position topologies without forcing that complexity into every vault’s core logic.

Around this core, several components handle pricing, incentives, and flows:

  • The Euler Price Oracle provides modular adapters for Chainlink, Chronicle, RedStone, and Pyth, routing quotes through a dispatcher that can also price ERC-4626 shares via convertToAsset.

  • Reward Streams generalize the “billion-dollar algorithm” for proportional reward distribution, supporting staking and non-staking use cases across multiple reward tokens.

  • Fee Flow converts fee assets into a single token using a continuous, auto-adjusting Dutch auction, making fee handling MEV-resistant and capital-efficient.

  • Euler Earn sits on top of ERC-4626 strategies, including EVK vaults, to provide permissionless risk curation and passive yield.

  • EulerSwap, built on EVK and EVC, combines AMM functionality, lending yield, and borrow-against-LP capability in one account, including support for just-in-time liquidity and Uniswap v4-style hooks.

The result is not a minimal protocol. Euler deliberately exposes a wider design space: long-tail asset markets, ecosystem-specific lending, and capital-efficient trading flows. The security question is how to keep that level of flexibility observable and governable.

Permissionless, but not unbounded

The Euler v2 design is built around a tension: give market creators room to configure behavior, while keeping enough structure that risk remains measurable.

Isolated markets are the primary guardrail. Each market carries its own parameters and liabilities, which reduces the chance that a failure in one market cascades across the entire system. Correlation and cross-collateral still matter, but they are explicit modeling problems rather than hidden coupling.

Euler supplements this with:

  • Soft liquidations, where undercollateralized positions are unwound progressively instead of through cliff-edge events. Liquidation discounts increase as a position’s health worsens, which incentives timely action without forcing sudden, full liquidations.

  • Upgrade mechanisms with time-delayed governance, giving users and integrators a window to assess proposed changes before they take effect.

  • Role and risk tiering, so more volatile assets can carry stricter constraints while more stable assets can be treated more leniently.

The intent is clear: Euler does not avoid complexity; it makes complexity explicit. That positioning shaped how we approached security in 2025.

Security, stress-tested in the open: Cantina x Euler

Euler's Security Journey in 2025

Euler’s security work with Cantina has never been limited to a single audit. For v2, security was treated as a continuous lifecycle.

Cantina and Euler coordinated:

  • A targeted audit of Euler’s core trading primitive, EulerSwap.

  • One of DeFi’s largest security competitions, with over 600 participants contributing through Cantina’s platform.

  • Design and administration of the organization’s second-largest bug bounty to date, structured to support ongoing, real-world review.

  • A live mainnet CTF with $500,000 at stake, designed to test exploitability under real liquidity.

Across formal audits, adversarial testing, and open submissions, no high or medium severity issues were discovered in the surfaces under review. 

The 7.5M USDC + rEUL + USUAL bug bounty expanded this surface further. The bounty served both as a continuous review channel and as a forcing function for detailed public scrutiny of EVK, EVC, and supporting components.

For us, Euler v2 became a template for how to run security on a protocol that intentionally invites experimentation: multiple review types, clear scopes, transparent results, and incentives aligned with the most critical components of the system.

If you’d like to dive deeper:

You can explore the full Euler × Cantina case study, browse the security competition details, or view the leaderboard of contributors from the community review.

Lessons from 2025: security for modular lending

Working with Euler in 2025 surfaced several lessons that matter.

  1. Make flexibility observable.
    Isolated markets, clear parameter surfaces, and soft liquidation rules made it easier to reason about risk per market instead of treating the system as an opaque pool. That observability is essential when new markets and vault configurations can appear permissionlessly.

  2. Design security thinking around architecture.
    Audits that focused only on individual contracts would have missed important questions: how do cross-collateral positions behave under correlated stress, how fast can markets be created, how are new parameters communicated, and how does governance timing interact with exploit windows. Euler’s layered security framing, from smart contracts to market behavior and upgrade governance, matched the shape of the protocol itself.

  3. Use open programs to test live assumptions.
    The combination of formal audits, competitions, the large bug bounty, and the live CTF did more than catch issues. It validated that core assumptions about liquidation behavior, oracle handling, and vault interactions still held when the broader research community tried to break them. That kind of validation is increasingly important for protocols that want institutional and ecosystem-level trust.

  4. Treat risk localization as a first-class security feature.
     Euler’s isolated markets and modular configuration are not just product features; they are security tools. They make it possible to test new assets or strategies without dragging the entire protocol into the same risk regime, and they give security teams precise surfaces to monitor and simulate.

Those lessons are now informing how we approach other modular lending and collateral systems. They also set expectations for how Euler and similar projects should evolve their security posture in 2026.

2026: expectations for organizations building on Euler-style systems

Looking forward, we expect organizations engaging with Euler or similar architectures to move in several directions.

  1. More rigorous market-level risk frameworks.
    Isolated markets make it easier to spin up new lending pairs, but they also require better discipline. DAOs and teams launching markets should pair parameter choices with explicit stress scenarios and monitoring plans, rather than treating configuration as a one-time event.

  2. Integrated monitoring and stress testing.
    With richer components like Fee Flow, Reward Streams, or EulerSwap in play, organizations will need tooling to simulate cross-component interactions under stress. Euler’s segmented risk architecture already supports this kind of analysis; we expect more teams to use it actively.

  3. Formalized open review as part of governance.
    Competitions, bounties, and CTFs proved their value in 2025. In 2026, we expect protocols to enshrine threat detection and monitoring as part of their standard governance and upgrade process, rather than treating them as one-off campaigns.

  4. Closer alignment with institutional security expectations.
    Institutions evaluating permissionless lending systems will look for documented risk models, upgrade discipline, telemetry for market behavior, and a history of serious external review. Euler already speaks this language. Organizations that want to be taken seriously at scale will need to do the same.

Cantina’s role is to stay embedded in that loop: auditing new components, running open programs when they make sense, and helping Euler’s contributors and users keep risk visible as the design space expands.

Closing

Euler’s 2025 work shows what permissionless lending can look like when configurability and security are treated as shared priorities, not opposing forces. The architecture makes risk local and observable. The security program matched that with layered, open review.

As more teams adopt Euler-style patterns or depend on Euler markets in their own protocols, the standard for security will need to rise with the complexity. Our job is to help make sure those standards are clear, enforceable, and actually used.

If your organization is designing a modular lending system, integrating with Euler, or planning a large-scale security program around permissionless markets, contact our team and we will help you scope, test, and harden your security model.

FAQ

No items found. This section will be hidden on the published page.