Is Camelot Safe?
Risk Grade: B (23/100)
Camelot is rated as moderate risk — some novel mechanisms, generally well-understood.
Moderate risk — strong Arbitrum ecosystem position but closed-source code and no bug bounty create a blind spot for security
The main decentralized exchange on Arbitrum, offering token swaps and liquidity pools with about $100M in deposits. Over 75 partner protocols use it for liquidity. Its B- grade reflects a closed-source codebase with no bug bounty program, meaning security researchers have no incentive to find bugs before hackers do.
TVL
$20M
Mechanisms
7
Interactions
5
Value Grade
B-
Key Risks for Camelot Users
The code is not public and there is no bug bounty program. If someone finds a vulnerability, they have every incentive to exploit it rather than report it
The trading engine relies on Algebra V2, a third-party library. A bug in Algebra would directly drain Camelot's pools, similar to how Curve lost $73M from a compiler bug
Only 18,386 GRAIL tokens circulate out of 73,506 total. This thin liquidity means a small buyer could manipulate the governance token price or capture the protocol cheaply
Top Risk Factors
- •No public GitHub codebase and no bug bounty program limit independent security review and vulnerability discovery
- •Concentrated liquidity V3 AMM relies on Algebra V2 implementation, inheriting third-party dependency risk
- •Extremely low GRAIL circulating supply (18K of 73K total) creates thin governance token liquidity and price manipulation risk
How Camelot Compares to Peers
Camelot ranks #7 of 111 DEX protocols (top quartile — safer than most). At a risk score of 23/100, it's 11 points safer than the sector average of 34/100.
Adjacent peers: XRPL DEX (B, 21/100) is ranked just safer, and DeepBook V3 (B, 23/100) is ranked just riskier.
See the full DEX sector leaderboard or the Camelot vs DeepBook V3 comparison.
Common Questions about Camelot
Plain-English answers based on Camelot's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Vitality Risk (6/10).
Has Camelot ever been hacked or exploited?
Camelot has no recorded incidents in Hindenrank's track record dimension (scored 0/15). This is the strongest possible signal on this dimension, but the protocol may simply be too new or too small to have been stress-tested.
How much money is at stake in Camelot?
Camelot currently holds roughly $20M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Camelot?
Hindenrank has identified specific collapse scenarios for Camelot. The most prominent: "Closed-Source Vulnerability Exploitation". The trigger condition is An undiscovered vulnerability in Camelot's closed-source contracts or its Algebra V2 dependency is exploited, with no bug bounty program to incentivize responsible disclosure. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Camelot regulated or insured?
Camelot has low regulatory exposure on Hindenrank's framework (2/10). The protocol is structured in a way that minimizes counterparty and jurisdiction concentration, though regulatory risk in crypto can change rapidly. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Camelot?
Hindenrank's retail-focused risk audit flagged: The code is not public and there is no bug bounty program. If someone finds a vulnerability, they have every incentive to exploit it rather than report it The trading engine relies on Algebra V2, a third-party library. A bug in Algebra would directly drain Camelot's pools, similar to how Curve lost $73M from a compiler bug Only 18,386 GRAIL tokens circulate out of 73,506 total. This thin liquidity means a small buyer could manipulate the governance token price or capture the protocol cheaply
Should beginners deposit into Camelot?
Camelot is rated B, which is acceptable for users who understand the protocol's mechanism. Beginners should read the full risk breakdown and only deposit after they can articulate the top three failure modes. If you cannot explain how the protocol works, do not deposit.
How does Camelot compare to safer DEX alternatives?
Camelot is one protocol in Hindenrank's DEX coverage. The safest DEX protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Camelot against the full DEX ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Camelot risk report.
Read the Full Camelot Risk Report
This protocol has 2 collapse scenarios. 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.