Legal

Risk Disclosure

Last updated: March 20, 2026

Important: Please read this entire document carefully before using HeirVault.

Using HeirVault involves significant risks, including the potential total loss of your digital assets. This document describes the key risks but is not exhaustive. You should consult qualified legal, financial, and tax professionals before using the Service. HeirVault does not provide financial, legal, or tax advice.

HeirVault is a non-custodial, smart contract-based digital asset inheritance platform. By using HeirVault, you acknowledge that you have read, understood, and accepted all risks described in this document and in our Terms of Service.

Digital assets, blockchain technology, decentralized finance (DeFi), and smart contract-based estate planning are emerging technologies with limited regulatory clarity and no established legal precedent in most jurisdictions. The risks described below are inherent to these technologies and cannot be fully mitigated by HeirVault or any other service provider.

1. Smart Contract Risks

Code Vulnerabilities

Despite using audited libraries (OpenZeppelin) and following security best practices, smart contracts may contain undiscovered vulnerabilities, logic errors, or edge cases that could result in loss of funds. No smart contract audit can guarantee the absence of bugs.

Immutability

Once deployed, smart contracts on the blockchain cannot be modified. If a vulnerability is discovered, it may not be possible to patch or fix the affected contract. While the protocol uses a proxy pattern to allow upgrades, individual vault contracts are immutable.

Reentrancy and Exploit Vectors

Smart contracts are subject to various attack vectors including reentrancy attacks, flash loan exploits, integer overflow/underflow, and front-running. While HeirVault implements safeguards (ReentrancyGuard, commit-reveal), no protection is absolute.

Dependency Risk

HeirVault smart contracts depend on external libraries (OpenZeppelin) and protocols (Aave V3). Vulnerabilities in these dependencies could affect your vault. A compromised dependency could be exploited before a patch is available.

2. Blockchain and Network Risks

Transaction Irreversibility

All blockchain transactions are final and irreversible. If you send assets to the wrong address, configure incorrect heir shares, or execute a claim prematurely, there is no mechanism to reverse the transaction.

Emergency Pause Scope

Emergency pause controls may affect claim initiation/finalization and native ETH and tracked ERC-20/ERC-721 deposits, while already executed post-claim withdrawals follow the vault's withdrawal rules.

Network Congestion and Fees

Blockchain networks may experience congestion, resulting in delayed transactions and elevated gas fees. During periods of high congestion, check-in transactions may fail or be delayed, potentially triggering unintended claim windows.

Hard Forks and Chain Splits

Blockchain networks may undergo hard forks or chain splits, resulting in duplicate copies of your vault on multiple chains. This could create conflicting claims or duplicate assets with unclear legal status.

Chain Halts and Reorganizations

Blockchain networks may halt, reorganize, or experience consensus failures. A chain reorganization could revert confirmed transactions, including check-ins or claim executions.

51% Attacks

A malicious actor controlling a majority of a network's hash power or stake could potentially reorganize the blockchain, double-spend transactions, or censor specific transactions including check-ins and claims.

Cross-Chain Risks

HeirVault operates across multiple blockchain networks. Bridge exploits, cross-chain messaging failures, or inconsistent block finality between chains may affect multi-chain vault operations.

3. Key Management and Wallet Risks

Private Key Loss

Loss of your private key or seed phrase will result in permanent, irrecoverable loss of access to your vault and all assets within it. HeirVault cannot recover, reset, or regenerate your keys. There is no "forgot password" functionality in self-custody.

Wallet Compromise

If your wallet is compromised (through phishing, malware, social engineering, or physical theft), an attacker could drain your vault, change heir configurations, or perform unauthorized check-ins to prevent legitimate claims.

Heir Key Loss

If one or more heirs lose access to their wallet(s), they may be unable to participate in the multisig claim process. Depending on the M-of-N threshold, this could prevent claim execution entirely, locking assets indefinitely.

Hardware Wallet Failures

Hardware wallets can fail, be lost, or become unsupported by their manufacturers. If your hardware wallet fails and you do not have a backup of your seed phrase, access to your vault may be permanently lost.

4. DeFi and Yield Risks

Aave Protocol Risk

Assets deposited into Aave V3 through HeirVault's yield feature are subject to all risks of the Aave protocol, including smart contract vulnerabilities, governance attacks, liquidity crises, and protocol insolvency.

Variable Yield Rates

DeFi yield rates are variable and can change dramatically in short periods. Rates may drop to zero or become negative. Past yield performance does not guarantee future returns.

Liquidity Risk

During periods of high utilization, it may not be possible to withdraw assets from Aave immediately. This could delay claim execution or heir withdrawals.

Token Depegging

Stablecoins and wrapped tokens may lose their peg to the underlying asset. A depeg event could significantly reduce the value of assets in your vault.

Impermanent Loss and Slippage

Depending on the tokens deposited and market conditions, withdrawal from DeFi protocols may involve slippage or unfavorable exchange rates.

5. Legal and Regulatory Risks

Uncertain Legal Status

The legal status of smart contract-based inheritance arrangements varies significantly by jurisdiction and is largely untested in courts. A court may not recognize the smart contract execution as a valid transfer of property.

Regulatory Changes

Cryptocurrency regulations are evolving rapidly worldwide. New laws or enforcement actions could restrict, prohibit, or impose new requirements on the use of HeirVault in your jurisdiction without advance notice.

Forced Heirship Conflicts

Many jurisdictions (France, Germany, Russia, Spain, Italy, UAE, and others) have mandatory inheritance rules that require minimum shares for certain family members. A vault configuration that violates forced heirship rules may be challenged in court, potentially resulting in legal disputes or asset freezes.

Tax Obligations

Digital asset inheritance may trigger estate tax, gift tax, capital gains tax, or income tax obligations in various jurisdictions. Tax rates, exemptions, and reporting requirements differ significantly. HeirVault's tax reports are informational only and may not capture all applicable obligations.

Cross-Jurisdictional Conflicts

When the owner and heirs reside in different jurisdictions, conflicting laws may apply. Determining which jurisdiction's law governs the transfer, and how double taxation treaties apply to digital assets, remains a developing area of law.

Not a Will or Legal Trust

HeirVault structures vaults as revocable inter vivos conditional trusts for legal context, but this framework has not been tested in most courts. The Trust Declaration generated by the platform is an informational document, not a legal instrument prepared by a licensed attorney. It may not be sufficient as the sole estate planning mechanism.

Sanctions and Compliance

If wallet addresses associated with your vault are later designated on sanctions lists (OFAC SDN, EU, UN), access to the Service may be restricted. On-chain smart contracts will continue to function, but interacting with sanctioned addresses may expose you to legal liability.

6. Operational and Platform Risks

Service Discontinuation

While HeirVault's smart contracts are autonomous and will continue to function on-chain regardless of the platform's status, the web interface, notification services, legal document generation, and customer support may become unavailable if HeirVault ceases operations.

Oracle Failure

Fair Market Value (FMV) calculations for tax reports rely on third-party price oracles (Chainlink). Oracle manipulation, delayed updates, or complete failure may result in incorrect asset valuations, affecting tax reporting and cost basis calculations.

Notification Failures

Check-in reminders via email or Telegram are sent on a best-effort basis. Delivery failures (spam filtering, service outages, network issues) could result in missed check-ins and unintended claim activation.

DNS and Frontend Attacks

Phishing attacks, DNS hijacking, or compromised frontend code could redirect users to malicious interfaces that drain wallets. Always verify you are on the correct domain (heirvault.xyz) and that the smart contract addresses match.

Infrastructure Failures

Server outages, database failures, or cloud provider issues could temporarily prevent access to the platform interface, API, and notification services. The on-chain vaults remain accessible via block explorers.

7. Market and Financial Risks

Extreme Volatility

Digital asset markets are extremely volatile. The value of assets in your vault may decline by 50%, 90%, or even 100% between the time of deposit and the time of heir withdrawal. HeirVault does not protect against market losses.

Counterparty Risk

Tokens held in your vault are issued by third parties. The issuer of an ERC-20 token could blacklist addresses (including your vault), pause transfers, or become insolvent, rendering the tokens worthless or non-transferable.

NFT-Specific Risks

NFTs (ERC-721 tokens) held in vaults may lose their value entirely. NFT metadata and media are typically stored off-chain (IPFS, Arweave, or centralized servers) and may become unavailable. The vault transfers the token, not the underlying media.

Fee Erosion

Gas fees for check-ins, claims, and withdrawals, plus protocol fees on vault creation, may erode the value of smaller vaults. In extreme cases, fees could exceed the vault's value.

8. Inheritance-Specific Risks

False Triggering

If the vault owner is temporarily unable to check in (hospitalization, travel without internet, incarceration, natural disaster), the dead man's switch may trigger prematurely. While guardians can extend the grace period, this requires the guardian to be aware and responsive.

Denial of Legitimate Claims

If the M-of-N multisig threshold is set too high and some heirs are unresponsive, legitimate claims may fail. If guardians continuously extend the grace period, heirs may never be able to claim.

Outdated Configuration

Family circumstances change (births, deaths, marriages, divorces). If the vault owner does not update heir configurations to reflect life changes, assets may be distributed in ways that do not reflect the owner's current wishes.

Privacy Risks

On-chain vault data (heir addresses, share percentages, deposit amounts) is publicly visible on the blockchain. This may expose sensitive financial information about your estate and beneficiaries.

Probate Interaction

In some jurisdictions, the existence of an on-chain inheritance vault may interact with probate proceedings in unexpected ways. Courts may treat vault assets as part of the estate or challenge the validity of the on-chain transfer.

9. Risk Acknowledgment

By using HeirVault, you explicitly acknowledge and accept that:

You have read and understood all risks described in this document.
You understand that digital asset inheritance via smart contracts is an emerging technology with no established legal precedent in most jurisdictions.
You accept the risk of total loss of all digital assets deposited into a vault.
You understand that HeirVault is a non-custodial tool and cannot intervene in smart contract execution, recover lost keys, or reverse transactions.
You are solely responsible for your own due diligence, including consulting qualified legal, financial, and tax professionals.
You understand that this Risk Disclosure is not exhaustive and that additional risks may exist that are not described here.
You will not hold HeirVault, its directors, officers, employees, or affiliates liable for losses arising from the risks described in this document.
The Trust Declaration and other legal documents generated by HeirVault are informational tools, not legal instruments, and may not be enforceable in your jurisdiction.

If you do not accept these risks, do not use HeirVault.

Contact

For questions about this Risk Disclosure, contact us at legal@heirvault.xyz or use our contact form.