Perfolio is a gold-backed lending platform. You buy gold (XAUT, where each token equals exactly 1 ounce of real physical gold stored in Swiss vaults), then borrow digital dollars (USDT, each worth exactly $1, convertible to your local currency) against your gold. No credit checks needed. No monthly EMI payments. No repayment deadlines. Your gold stays yours throughout. When you repay the loan, you get your gold back. It works like a modern digital gold pawn shop, but without the middleman, the paperwork, or the fees.

Gold (XAUT) is a digital gold token issued by Tether (the same company behind USDT stablecoins). Each gold token (XAUT) represents exactly 1 troy ounce of real physical gold, stored in LBMA-certified vaults in Switzerland. The gold reserves are independently audited every quarter by BDO Italia. Unlike gold ETFs, gold (XAUT) is redeemable for actual physical gold bars. Think of it as a digital certificate of ownership for gold in a vault: you own the gold, XAUT is your proof.

How does borrowing work?

Borrowing on Perfolio works in four simple steps. First, you buy gold (XAUT tokens) through the Perfolio app using your bank transfer or existing digital dollars (USDT). Second, you deposit your gold (XAUT) into the lending vault; think of this as locking your gold as security. Third, you receive digital dollars (USDT, worth $1 each) instantly, up to 77% of your gold's value. Fourth, you convert those digital dollars to your local currency (Indian Rupees, UAE Dirhams, Euros, etc.) and withdraw to your bank account. Your gold remains safely locked in the vault throughout. When you repay the loan, your gold is returned to you.

What interest rate will I pay?

Perfolio charges a variable interest rate starting from approximately 3% per year (APR, or Annual Percentage Rate). This means if you borrow $1,000 for a full year, you would pay about $30 in interest. The rate is not fixed; it goes up or down based on supply and demand in the lending market. You can see your current rate at any time in your Perfolio dashboard. There are no fixed monthly payments; interest accrues daily on whatever amount you have borrowed.

Are there repayment deadlines?

No. There are no repayment deadlines, no EMIs (equated monthly installments), and no fixed repayment schedule. You repay on your own terms, partially or fully, whenever you choose. You could repay after one week, one month, or one year. The only ongoing cost is interest, which accrues daily on your outstanding loan balance. Your gold collateral is returned to you as soon as the full loan amount plus accrued interest is repaid.

Where is my gold stored?

Your gold (XAUT tokens) represents physical gold bars stored in LBMA-certified (London Bullion Market Association) vaults in Switzerland. These are professional-grade precious metals storage facilities, the same standard used by central banks and institutional investors. The gold is fully insured. Tether, the issuer of XAUT, publishes independently audited reserve reports every quarter, conducted by BDO Italia, confirming that every gold token (XAUT) in circulation is backed by a real ounce of physical gold.

What fees does Perfolio charge?

Perfolio charges interest only on the amount you have borrowed, nothing else. There are no origination fees (fees for creating the loan), no account maintenance fees, no deposit fees, no withdrawal fees, and no hidden charges of any kind. You pay interest daily on your outstanding loan balance at the variable market rate, which starts from approximately 3% APR. If you borrow $1,000 for 30 days at 3% APR, you pay roughly $2.50 in total interest.

Is the lending protocol secure?

Perfolio uses an independently audited smart contract as its lending infrastructure. It is a non-custodial lending protocol deployed on Ethereum, one of the most widely used and tested blockchain networks in the world. Non-custodial means no single company (including Perfolio) can access or freeze your funds. The protocol has been independently audited by multiple leading security firms and handles billions of dollars in assets. All transactions are recorded publicly on the Ethereum blockchain, meaning you can verify every deposit, loan, and repayment yourself.

Is Perfolio a cryptocurrency app?

No. Perfolio is a gold lending platform that uses blockchain technology under the hood, similar to how Uber uses GPS technology, but you don't need to understand GPS to take a ride. You interact with gold and money, not with cryptocurrency. The blockchain ensures your transactions are transparent, secure, and instant.

What is USDT and how do I use it?

USDT (Tether USD) is a digital currency worth exactly $1. Think of it as digital dollars that you can send anywhere instantly. When you borrow on Perfolio, you receive USDT. You can then convert USDT to your local currency (Indian Rupees, UAE Dirhams, Euros, British Pounds, and more) through Perfolio's licensed payment provider and withdraw to your bank account.

What does 'digital gold' mean?

Digital gold means you own a token that represents real physical gold stored in a vault. Instead of keeping gold bars at home or in a bank locker, you hold a digital certificate (XAUT token) that proves you own that gold. The advantage: you can buy fractional amounts (as little as $10 worth), trade 24/7, and use your gold as collateral for instant loans. These are things you can't do with physical gold.

How does the lending technology work?

Perfolio's loans are powered by an audited smart contract, which is automated banking software that runs on the Ethereum blockchain. Instead of a bank officer processing your loan (which takes days and involves paperwork), the smart contract processes it in seconds with no human intervention. The protocol has been independently audited by multiple leading security firms and handles billions of dollars in loans.

What is LTV (Loan-to-Value)?

LTV stands for Loan-to-Value ratio. It's how much you can borrow relative to your gold's value. Perfolio allows up to 77% LTV. Example: if your gold is worth $10,000, you can borrow up to $7,700. The remaining $2,300 acts as a safety buffer in case gold price drops. A lower LTV means a safer position.

What happens if gold price drops while I have a loan?

If gold price drops significantly, your loan may become under-collateralized (meaning your gold is no longer worth enough to back your loan). In this case, the lending protocol may automatically sell some of your gold to repay part of the loan. This is called liquidation. Perfolio shows your 'health factor' in real-time so you can take action before this happens: either add more gold collateral or repay part of your loan.

Do I need to understand blockchain or crypto to use Perfolio?

Not at all. Perfolio is designed for people who want to use gold as a financial tool, not for crypto experts. You buy gold, you borrow money, you repay when you want. The blockchain technology works in the background to make everything faster, cheaper, and more transparent, but you never need to interact with it directly.

DeFi Gold Lending Protocol Security and Audit Reports

Perfolio's gold (XAUT) lending stack rests on four independent security pillars: smart contract audits by industry-leading firms (OpenZeppelin, Trail of Bits, Halborn), BDO Italia attestations on the Swiss-vaulted physical gold backing XAUT, robust oracle design, and a non-custodial architecture that limits operational risk surface. Each layer is verifiable through public reports.

Why Security Architecture Matters For Gold Lending

A gold-backed loan is only as safe as the weakest link in the chain. The borrower's gold (XAUT) sits in an automated lending contract (smart contract). The XAUT token is backed by physical gold in a Swiss vault. The price feed comes from an oracle. The loan proceeds settle in digital dollars (USDT). Each component must work correctly for the system to deliver on its promises. A flaw in any single layer can cascade into loss.

Mature DeFi lending solves this with redundancy. Multiple independent auditors review the contracts. Multiple price oracles prevent single-source manipulation. Multiple custody verifications confirm the underlying assets exist. The result is a layered defence that is meaningfully more transparent than a traditional bank's internal controls.

Pillar One: Smart Contract Audits

The lending logic itself is implemented in audited automated lending contracts (smart contract) deployed onchain. Three firms dominate the high-end audit market for DeFi protocols:

OpenZeppelin is the most widely used auditor in DeFi. The firm publishes detailed audit reports including methodology, findings classified by severity (critical, high, medium, low, informational), and remediation tracking. Their audit library covers most of the largest lending protocols, AMMs, and bridges deployed onchain. An OpenZeppelin audit report is publicly downloadable from the firm's website and forms part of the standard due diligence checklist for institutional capital.

Trail of Bits brings a deeper systems-security lens to DeFi audits, with origins in adversarial security research and military-grade red-teaming. Their audits emphasise threat modelling, formal verification where applicable, and edge-case analysis. Trail of Bits has audited protocols across DeFi, layer-2 bridges, and stablecoin issuers.

Halborn specialises in blockchain and DeFi penetration testing, with a track record covering layer-1 protocols, custodians, and lending markets. Their reports include both static contract analysis and dynamic testing of deployed systems.

Best practice in 2026 is to commission audits from at least two of these firms, addressing all critical and high-severity findings before mainnet deployment, and re-auditing after any material upgrade. Reports remain publicly available on the auditor's site and on the protocol's documentation pages.

Pillar Two: Underlying Gold Attestations

Security audit certificate with checkmark for DeFi gold lending protocol — Independent security audits check for reentrancy vulnerabilities, oracle manipulation, and access control flaws in lending smart contracts.

The smart contract audits cover the lending logic, but they cannot verify that the gold (XAUT) tokens used as collateral are actually backed by physical gold. That verification comes from a different layer: independent attestations on the issuer's gold holdings.

Tether Gold, the issuer of XAUT, holds the underlying physical gold in audited Swiss vaults. The accounting verification is performed by BDO Italia, one of the largest accounting and audit networks globally. BDO publishes periodic attestations confirming that the number of XAUT tokens in circulation matches the troy ounces of LBMA-good-delivery gold held in vault. The reports specify vault location at the city level, the weight of gold, the form (allocated bars), and the methodology used to verify holdings.

This is the equivalent of a banking audit on the asset side of the balance sheet. A borrower pledging gold (XAUT) on Perfolio can trace the chain: the loan contract holds the borrower's XAUT, the XAUT is backed by physical gold, the gold sits in a named Swiss vault, and BDO Italia confirms the holdings. Each link is independently verifiable.

Pillar Three: Oracle Design

The lending contract needs to know the gold price in real time to compute LTV and trigger liquidations correctly. The price comes from a price oracle, a contract or off-chain service that publishes the current price onchain. A flawed oracle is one of the most common sources of DeFi exploits, because manipulating the reported price can let an attacker borrow more than the collateral is worth or trigger malicious liquidations.

Best-practice oracle design has converged on several principles. First, multiple independent price sources are aggregated, so no single venue's price can move the protocol's reading. Chainlink and similar decentralised oracle networks aggregate from dozens of high-volume venues and publish median prices. Second, time-weighted averages smooth out short-term spikes, preventing one-block manipulation. Third, deviation thresholds and heartbeat updates ensure prices stay current without exposure to stale-data exploits.

Perfolio's oracle stack follows these principles, sourcing gold prices from multiple independent venues, aggregating with median rather than mean, and applying short time-weighted averaging. Liquidation triggers reference the smoothed price rather than spot, which both reduces unnecessary liquidations during transient spikes and frustrates oracle manipulation attempts.

Pillar Four: Non-Custodial Architecture

The fourth security pillar is structural. Perfolio is non-custodial. The borrower retains keys to their gold (XAUT) at all times. The collateral is locked in the lending contract by the borrower's own signature, and released by the same contract on repayment. There is no intermediate party that takes possession.

This eliminates a category of risk that traditional finance cannot avoid: counterparty insolvency. A bank that holds your gold for a loan can fail. The 2008 cycle and various sovereign banking crises have repeatedly tested this risk. A non-custodial protocol cannot fail in the same way because there is no custodian to fail. The contract executes regardless of who deployed it or who operates the front end.

Non-custodial also means the protocol cannot rehypothecate collateral. Traditional lenders sometimes lend out collateral they hold for one borrower to another, generating extra revenue at the cost of additional counterparty risk. The smart contract simply cannot do this; the rules are written in code and enforced by the network.

What Audits Do Not Cover

It is worth being precise about the limits of audits. A smart contract audit verifies that the contract behaves as documented. It does not guarantee that the documented behaviour is economically optimal, nor that the protocol's parameters (LTV, liquidation threshold, interest rate model) will hold up under all market conditions. Audits also do not cover off-chain components like the front-end web application, oracles operated by third parties, or the operational security of the team's keys for administrative functions.

Mature protocols extend security beyond audits. Bug bounty programs incentivise external researchers to find issues. On-chain monitoring tools watch for anomalous activity. Time-locked upgrade mechanisms prevent any single party from changing critical parameters without notice. Multi-signature controls on administrative functions distribute authority across multiple keys, eliminating single-point compromise.

Public Verifiability

The cumulative effect of these layers is something traditional finance cannot match: verifiability. Anyone with internet access can read the smart contract source code, review the OpenZeppelin or Trail of Bits audit reports, check the Tether Gold BDO Italia attestations, watch the oracle price feeds in real time, and observe the on-chain reserves of the lending market. There is no privileged access required to confirm that the system is working as advertised.

Compare this to a traditional bank. The bank's loan book, internal controls, and stress test results are not public. The borrower has to trust the regulator's oversight, which the borrower cannot independently verify. The architectures are simply different in transparency design, and the DeFi side wins clearly on this dimension.

What A Borrower Should Check Before Committing

Practical due diligence before drawing any DeFi gold loan, including on Perfolio:

Read at least the executive summary of each audit report. Confirm critical and high-severity findings are remediated.
Confirm BDO Italia or equivalent attestations on the underlying gold are current (within the last quarter).
Check the oracle price source. Confirm aggregation across multiple venues with time-weighted averaging.
Verify the protocol is non-custodial by reading the contract logic or audit summary explanation.
Look for an active bug bounty program with meaningful payout sizes.
Review the upgrade mechanism. Time locks and multi-sig are favourable; instant admin upgrades are concerning.

Borrowers who run through this checklist before drawing the loan have a much more accurate picture of the actual risk profile than borrowers who rely on marketing copy alone.

Closing

Security in DeFi gold lending is not a single audit; it is a stack of independent verifications. Perfolio's gold (XAUT) infrastructure rests on top-tier smart contract audits, BDO Italia attestations on Swiss-vaulted physical gold, robust multi-source oracle design, and a non-custodial architecture. The full report library and ongoing monitoring dashboards are published on the security overview page, and the operational mechanics are detailed in how Perfolio works end to end.