Box Vaults

Box is Steakhouse’s ERC-4626 child vault used to allocate a base asset into whitelisted strategies and funding modules while remaining non-custodial and tightly governed. It is designed to be as decentralized and permissionless as possible while still enforcing risk controls. Box is meant to be used through a parent Morpho Vault V2 adapter, not as a standalone vault.

Overview

Holds a single base asset (e.g., USDC) and issues ERC-4626 shares.
Allocates into whitelisted ERC-20 tokens and approved lending modules.
Uses timelocks, a guardian veto, and shutdown controls to protect users.
Enables permissionless unwind operations during winddown.

Architecture

The parent Vault V2 allocates into Box via an adapter that acts as the feeder. Box shares are held by the adapter, so Vault V2 share holders remain the economic owners of Box positions.

Governance and decentralization

Box is structured so that risk-critical actions are timelocked and can be vetoed by a guardian. In Steakhouse deployments, the guardian is typically controlled by an Aragon DAO representing Vault V2 share holders, so users can veto queued changes, trigger shutdowns, or recover the system when needed.

Shutdown and winddown

Shutdown is the core decentralization safeguard. A guardian (typically controlled by the Aragon DAO) can halt new deposits if governance believes allocations or funding activity are unsafe. This immediately freezes new intake while giving share holders time to respond. If the guardian agrees the issue is resolved, they can recover back to normal before winddown begins.

Once the warmup period elapses, Box enters winddown. At that point, anyone can help unwind positions and return the system to the base asset, so withdrawals no longer depend on trusted operators. This makes exit paths permissionless even in stressed conditions.

Normal: allocations and funding activity operate as usual.
Shutdown: deposits halt immediately; guardian can still recover.
Winddown: positions can be unwound permissionlessly to return to the base asset.

Funding modules

Box can integrate lending protocols through modular funding adapters. Today the supported modules are Aave v3 and Morpho Blue. Only Box-owned, pre-vetted modules are added, and each module is configured to use only whitelisted collateral and debt assets.

Risk considerations

Slippage risk: swaps are bounded by slippage controls, but market impact can still reduce value.
Oracle risk: token pricing depends on oracles; inaccurate prices can affect allocations.
Liquidity risk: Box redemptions depend on available liquidity or winddown.
Governance risk: timelocks and guardian vetoes reduce risk, but governance still requires active participation.

Audit and source

ChainSecurity audit (Dec 2025): 2025-12-16-chainsecurity.pdf
Cantina audit (Jan 2026): 2026-01-06-cantina.pdf

Technical reference

For implementation details (roles, timelocks, slippage math, and funding module interfaces), see the technical deep dive:

Box Vaults: Technical Reference

PreviousMetaOracle (Deviation Timelock)NextTechnical Reference

Last updated 22 days ago

Good night

hashtagOverview

hashtagArchitecture

hashtagGovernance and decentralization

hashtagShutdown and winddown

hashtagFunding modules

hashtagRisk considerations

hashtagAudit and source

hashtagTechnical reference